CVE-2021-44427

Published November 29th, 2021

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.

francoisjacquet/rosariosis

RosarioSIS Student Information System for school management

GitLab