CVE-2021-44427
published 2021-11-29


Priority: P186
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation: exploit available, exploited in the wild (ITW); listed in VulnCheck KEV
EPSS: 50.64% (98.8th percentile)
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.

Affected (2 ranges)

| Vendor          | Product    | Version range   | Fixed in |
|-----------------|------------|-----------------|----------|
| francoisjacquet | rosariosis | >= 0, < 8.1.1   | 8.1.1    |
| rosariosis      | rosariosis | < 8.1.1         | 8.1.1    |

Detection & IOCs

  • URL: /Side.php
  • Request body: sidefunc=update&syear=111'
  • An HTTP POST to /Side.php whose body contains the syear parameter with a single quote triggers a PostgreSQL error response containing 'DB Execute Failed. ERROR:' and 'unterminated quoted string' in the response body.
  • Presence of a 'RosarioSIS=' cookie in the HTTP response header can confirm that the target is a RosarioSIS instance.
  • The vulnerable endpoint accepts unauthenticated POST requests with Content-Type application/x-www-form-urlencoded; the syear parameter is the injection point.
  • The vulnerability affects RosarioSIS versions 8.1 and below; version 8.1.1 and higher are patched.
  • The backend database is specifically PostgreSQL; SQL injection payloads and error signatures are PostgreSQL-specific.

CVSS provenance

  • NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • NVD, CVSS v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
  • VulnCheck: 9.8 CRITICAL