CVE-2021-44427
CRITICAL EXPLOITED NUCLEI
Rosariosis < 8.1.1 - SQL Injection
Title source: rule
Exploitation Summary
CVE-2021-44427 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Nuclei Templates (1)
Rosario Student Information System Unauthenticated SQL Injection
CRITICAL by furkansayim, xShuden
References (1)
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://gitlab.com/francoisjacquet/rosariosis/-/issues/328
Scores
CVSS v3
9.8
EPSS
0.5064
EPSS Percentile
98.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2024-09-18
CWE
CWE-89
Status
published
Products (2)
francoisjacquet/rosariosis
0 - 8.1.1
Packagist
rosariosis/rosariosis
< 8.1.1
Published
Nov 29, 2021
Tracked Since
Feb 18, 2026