Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Omni Cms
NVD
GitHub
CVSS 3.1
9.8
EPSS
0.8%