Vulnerability Description
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rosariosis | Rosariosis | < 7.6.1 |
Related Weaknesses (CWE)
References
- https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-iRelease NotesThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bcPatchThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f03PatchThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/308ExploitIssue TrackingPatch
- https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-iRelease NotesThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bcPatchThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f03PatchThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/308ExploitIssue TrackingPatch
FAQ
What is CVE-2021-44567?
CVE-2021-44567 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
How severe is CVE-2021-44567?
CVE-2021-44567 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-44567?
Check the references section above for vendor advisories and patch information. Affected products include: Rosariosis Rosariosis.