cpe:/a:open-school:open-school:1.0 CVE-2009-4208 2009-12-04T14:30:00.750-05:00 2017-09-18T21:29:56.203-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-12-07T08:22:00.000-05:00 EXPLOIT-DB 8839 XF openschool-index-sql-injection(50873) SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php.