CVE-2021-44427
on gitlab
Published
Severity
CVSS v3:
9.8 CRITICAL
CVSS v2:
7.5 HIGH
Description
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:rosariosis:rosariosis:*:*:*:*:*:*:*:* | n/a | 8.1.1 | * |