CVE-2021-44427: CVE-2021-44427

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-44427

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Rosario Student Information System SQL注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Rosario Student Information System是用于学校管理的免费学生信息系统。 Rosario Student Information System 存在安全漏洞，该漏洞源于在8.1.1之前，Rosario Student Information System(又名rosariosis)存在一个未经验证的SQL注入漏洞。攻击者可利用该漏洞通过year参数的Side.php执行PostgreSQL语句(例如:SELECT、INSERT、UPDATE、DELETE)。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2021-44427

#	POC Description	Source Link	Shenlong Link
1	An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-44427.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-44427

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2021-44427

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-44427

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-44427

III. Intelligence Information for CVE-2021-44427

IV. Related Vulnerabilities

V. Comments for CVE-2021-44427

Leave a comment