openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
