openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. Read more