2019-08-08 15:15:12 2019-08-14 17:30:21

Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.