Description
SQL Injection in rosariosis
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-44427
- https://github.com/francoisjacquet/rosariosis/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/328
- https://gitlab.com/francoisjacquet/rosariosis/blob/mobile/CHANGES.md#changes-in-811
Packages
Name: francoisjacquet/rosariosis (composer)
Affected versions: < 8.1.1
Fixed version: 8.1.1
Related vulnerabilities
CVSS3: 9.8
nvd
about 4 years ago
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.