CVE-2021-41691
published 2025-06-24CVE-2021-41691: A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST…
PriorityP179critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
1.72%
74.6th percentile
A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| os4ed | opensis | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandstudent_id=updatexml(0x23,concat(1,md5(999999999)),1)&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5↗
- →Detect exploitation attempts by monitoring POST requests to /TransferredOutModal.php containing SQL injection payloads in the student_id or TRANSFER[SCHOOL] parameters, specifically looking for updatexml() or concat() function calls. ↗
- →Successful exploitation produces a response body containing the strings '<!-- SQL STATEMENT:' and 'SELECT COUNT(STUDENT_ID)' — monitor HTTP responses for these patterns as a post-exploitation indicator. ↗
- →Exploitation requires prior authentication; monitor for login attempts to /index.php followed immediately by POST requests to /TransferredOutModal.php, which is the two-step attack chain. ↗
- ·Exploitation requires valid credentials; the Nuclei template uses default credentials (student / student@123) suggesting the attack is viable against installations with default or weak credentials. ↗
- ·The vulnerability is confirmed against openSIS version 8.0 specifically; other versions are not referenced in the source material. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gcfh-26rr-mgwj: A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8
ghsa_unreviewed·2025-06-26
CVE-2021-41691 [CRITICAL] CWE-89 GHSA-gcfh-26rr-mgwj: A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8
A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.
VulnCheck
os4ed opensis Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2021·CVSS 9.8
CVE-2021-41691 [CRITICAL] os4ed opensis Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
os4ed opensis Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.
Affected: OS4Ed Open Source Information System Community
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://vulncheck.com/advisories/os4ed-opensis-community-sql-injection
No detection rules found.
Nuclei
openSIS Student Information System 8.0 SQL Injection
nuclei·CVSS 6.1
CVE-2021-41691 [MEDIUM] openSIS Student Information System 8.0 SQL Injection
openSIS Student Information System 8.0 SQL Injection
openSIS Student Information System version 8.0 is susceptible to SQL injection via the student_id and TRANSFER[SCHOOL] parameters in POST request sent to /TransferredOutModal.php.
Template:
id: CVE-2021-41691
info:
name: openSIS Student Information System 8.0 SQL Injection
author: Bartu Utku SARP
severity: high
description: openSIS Student Information System version 8.0 is susceptible to SQL injection via the student_id and TRANSFER[SCHOOL] parameters in POST request sent to /TransferredOutModal.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
remediation: |
Apply the latest security pa
No writeups or analysis indexed.
2025-06-24
Published
Exploited in the wild