CVE-2021-44427

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to...

Basic Information

CVE State: PUBLISHED
Reserved Date: November 29, 2021
Published Date: November 29, 2021
Last Updated: August 04, 2024
Vendor: n/a
Product: n/a
Description: An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

Exploit Status

Exploited in the Wild: Yes (2025-11-08 00:00:00 UTC) Source

References

https://gitlab.com/francoisjacquet/rosariosis/-/issues/328

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-11-08 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-44427.yaml	2025-04-25 00:00:00 UTC

Timeline

CVE ID Reserved

November 29, 2021
CVE Published to Public

November 29, 2021
Detected by Nuclei

April 25, 2025
Added to KEVIntel

November 08, 2025