An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.