CVE-2021-44567
Published 2022-02-24
CVE-2021-44567: An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
Priority P272 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 23.67% (97.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francoisjacquet | rosariosis | >= 0 < 7.6.1 | 7.6.1 |
| rosariosis | rosariosis | < 7.6.1 | 7.6.1 |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by inspecting POST requests to /ProgramFunctions/PortalPollsNotes.fnc.php that include the HTTP header 'X-Requested-With: XMLHttpRequest' and a 'votes' parameter containing SQL metacharacters (e.g., single quotes, double dashes, SQL keywords like CREATE/DROP/SELECT).
- The injection is delivered via the 'votes' POST parameter as an array key (e.g., votes[<payload>]=1). WAF/IDS rules should parse array-key notation in POST bodies and apply SQL injection detection to both keys and values of the 'votes' parameter.
- The vulnerable code path requires: votes is a POST array, X-Requested-With equals XMLHttpRequest, and the votes array is non-empty. All three conditions must be met for the injection to reach PortalPollsVote(). Alert on any POST to this endpoint with these conditions and SQL-like content in array keys.
- The vulnerability is unauthenticated: no session or login cookie is required to reach the vulnerable endpoint, meaning perimeter controls relying on authentication state will not block exploitation.
- The SQL injection payload is embedded in the array *key* of the votes parameter (not the value), which may bypass WAF/IDS rules that only inspect POST parameter values and not parameter names or array keys.
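The checks above, as an added detection sketch (not code from RosarioSIS or from the sources this page indexes): it applies the three preconditions and then inspects both the array keys and the values of `votes` in a urlencoded POST body. The function name, the indicator regex and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/ProgramFunctions/PortalPollsNotes.fnc.php"
# Illustrative indicator set taken from the guidance above (quote, double dash,
# CREATE/DROP/SELECT); extend and tune before using it in a real rule.
SQLI = re.compile(r"'|--|\b(?:create|drop|select)\b", re.IGNORECASE)


def inspect_request(method, path, headers, body):
    """Return [(where, text), ...] for SQL-like content in votes keys/values."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    # Preconditions of the vulnerable path: POST, endpoint, AJAX header.
    if method.upper() != "POST" or not urlsplit(path).path.endswith(ENDPOINT):
        return []
    if hdrs.get("x-requested-with") != "XMLHttpRequest":
        return []
    findings = []
    # parse_qsl percent-decodes names as well as values, so encoded keys are seen.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if not name.startswith("votes["):
            continue  # votes must be an array; a scalar votes=... is skipped
        key_part = name[len("votes"):]  # e.g. "[3]" or "[3][0]"
        if SQLI.search(key_part):
            findings.append(("key", key_part))
        if SQLI.search(value):
            findings.append(("value", value))
    return findings


# Constructed sample requests (not captured traffic); "votes[3]=1" is an
# assumed shape for an ordinary vote.
AJAX = {"X-Requested-With": "XMLHttpRequest"}
SAMPLES = [
    ("POST", ENDPOINT, AJAX, "votes[3]=1"),           # ordinary vote
    ("POST", ENDPOINT, AJAX, "votes%5B3%27--%5D=1"),  # metacharacters in key
    ("POST", ENDPOINT, {}, "votes%5B3%27--%5D=1"),    # AJAX header missing
    ("POST", ENDPOINT, AJAX, "votes[3]=1%20select"),  # keyword in value
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[3], "->", inspect_request(*sample))
```

A rule that inspected only parameter values would return nothing for the second sample; the finding comes from the decoded key.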
CVSS provenance
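| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |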
OSV
SQL injection in francoisjacquet/rosariosis
osv·2022-02-25
CVE-2021-44567 [CRITICAL] SQL injection in francoisjacquet/rosariosis
An SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
GHSA
SQL injection in francoisjacquet/rosariosis
ghsa·2022-02-25
CVE-2021-44567 [CRITICAL] CWE-89 SQL injection in francoisjacquet/rosariosis
An SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
- https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bca76f9c95a081eaa
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/308
Published: 2022-02-24