Vulnerability Description
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rosariosis | Rosariosis | < 8.1.1 |
Related Weaknesses (CWE)
References
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/328 (Exploit, Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2021-44427?
CVE-2021-44427 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDAT...
How severe is CVE-2021-44427?
CVE-2021-44427 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-44427?
Check the references section above for vendor advisories and patch information. Affected products include: Rosariosis Rosariosis.