CVE-2021-44427: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
References
- github.com/advisories/GHSA-wf5p-f5xr-c4jj
- github.com/francoisjacquet/rosariosis/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016
- gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016
- gitlab.com/francoisjacquet/rosariosis/-/issues/328
- gitlab.com/francoisjacquet/rosariosis/blob/mobile/CHANGES.md
- nvd.nist.gov/vuln/detail/CVE-2021-44427
Code Behaviors & Features
Detect and mitigate CVE-2021-44427 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →