CVE-2021-44427
Published: 2021-11-29
Priority P186 · critical · 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 50.64% (98.8th percentile)
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francoisjacquet | rosariosis | >= 0 < 8.1.1 | 8.1.1 |
| rosariosis | rosariosis | < 8.1.1 | 8.1.1 |
Detection & IOCs
Command: sidefunc=update&syear=111'
- An HTTP POST to /Side.php with a body containing the syear parameter with a single quote triggers a PostgreSQL error response containing 'DB Execute Failed. ERROR:' and 'unterminated quoted string' in the response body.
- Presence of a 'RosarioSIS=' cookie in the HTTP response header can confirm the target is a RosarioSIS instance.
- The vulnerable endpoint accepts unauthenticated POST requests with Content-Type application/x-www-form-urlencoded; the syear parameter is the injection point.
- The vulnerability affects RosarioSIS versions 8.1 and below; versions 8.1.1 and higher are patched.
- The backend database is specifically PostgreSQL; SQL injection payloads and error signatures are PostgreSQL-specific.
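The indicators above can be applied to proxy or WAF logs to triage requests against /Side.php. The following Python is an added example, not code from RosarioSIS, the Nuclei template or any source quoted on this page; the event field names (method, url, body, response_body), the rule that a legitimate syear is a four-digit year, and the sample events are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Error strings the page lists for the response body.
ERROR_MARKERS = ("DB Execute Failed. ERROR:", "unterminated quoted string")
# Assumption: a legitimate syear value is a plain four-digit school year.
YEAR_RE = re.compile(r"\d{4}")


def classify(event):
    """Return None, 'suspicious' or 'reached-database' for one HTTP event.

    `event` is a dict with the hypothetical keys method, url, body and
    response_body, as a proxy or WAF log pipeline might produce.
    """
    url = urlsplit(event["url"])
    if event["method"].upper() != "POST" or not url.path.lower().endswith("/side.php"):
        return None
    # Check the form body (the injection point) and, defensively, the query string.
    values = []
    for raw in (event.get("body", ""), url.query):
        values += parse_qs(raw, keep_blank_values=True).get("syear", [])
    if all(YEAR_RE.fullmatch(v) for v in values):
        return None  # syear absent or a plain year
    response = event.get("response_body", "")
    if any(marker in response for marker in ERROR_MARKERS):
        return "reached-database"  # unpatched host: the input ended up in the SQL text
    return "suspicious"  # probe seen, but no database error was returned


# Constructed sample events, not captured traffic.
SAMPLE_EVENTS = [
    {"method": "POST", "url": "/Side.php", "body": "sidefunc=update&syear=2021",
     "response_body": "<html>ok</html>"},
    {"method": "POST", "url": "/Side.php", "body": "sidefunc=update&syear=111'",
     "response_body": "DB Execute Failed. ERROR:  unterminated quoted string"},
    {"method": "POST", "url": "/Side.php", "body": "sidefunc=update&syear=111%27",
     "response_body": "<html>ok</html>"},
    {"method": "GET", "url": "/index.php", "body": "", "response_body": ""},
]


def triage(events):
    """Classify every event and keep only the ones that need attention."""
    results = [(e["body"], classify(e)) for e in events]
    return [r for r in results if r[1] is not None]
```

A 'reached-database' result means the host returned the PostgreSQL error and is still running a version before 8.1.1; 'suspicious' means the probe was seen but the response gave no sign the input reached the query.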
CVSS provenance
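| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 9.8 | CRITICAL | |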
GHSA
SQL Injection in rosariosis
ghsa·2021-12-02
CVE-2021-44427 [CRITICAL] CWE-89 SQL Injection in rosariosis
OSV
SQL Injection in rosariosis
osv·2021-12-02
CVE-2021-44427 [CRITICAL] SQL Injection in rosariosis
VulnCheck
rosariosis rosariosis Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2021·CVSS 9.8
CVE-2021-44427 [CRITICAL] rosariosis rosariosis Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected: rosariosis rosariosis
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-09-18&host_type=src&vulnerability=cve-2021-44427; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-09
No detection rules found.
Nuclei
Rosario Student Information System Unauthenticated SQL Injection
nuclei·CVSS 9.8
CVE-2021-44427 [CRITICAL] Rosario Student Information System Unauthenticated SQL Injection
An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Template:
```yaml
id: CVE-2021-44427
info:
  name: Rosario Student Information System Unauthenticated SQL Injection
  author: furkansayim,xShuden
  severity: critical
  description: An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
  impact: |
    Successful exploitation of this vulnera
```