CVE-2025-26186 Information

Description

SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php

Reference

https://github.com/OS4ED/openSIS-Classic/pull/330 https://www.os4ed.com/

Related CNNVD

CNNVD-202507-2054 (Published: 2025-07-15)