CVE-2021-44427
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allow
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
CRITICAL · CVSS 9.8
EPSS 0.88416
Act now
- EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
- EPSS percentile: top 0% of all CVEs by exploitation likelihood
- Public exploit or PoC is available
- CVSS base score ≥ 7.0
Sigma rules0
YARA rules0