2019-08-08 12:32:46
mitre
PUBLISHED
Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.