Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-44567 — SQL Injection in Rosariosis

CWE-89 — SQL Injection4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

9.1%

top 7.30%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Rosariosis Francoisjacquet Rosariosis

Timeline

PublishedFeb 24

Latest updateApr 11

Description

An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDrosariosis/rosariosis< 7.6.1

▶Packagistfrancoisjacquet/rosariosis< 7.6.1

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

OSV

SQL injection in francoisjacquet/rosariosis↗2022-02-25

▶

GHSA

SQL injection in francoisjacquet/rosariosis↗2022-02-25

▶

💥Exploits & PoCs

Exploit-DB

RosarioSIS 7.6 - SQL Injection↗2025-04-11

▶