CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Rosariosis: >> Rosariosis >> 5.0.1 Security Vulnerabilities

CVE-2021-44427

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.

CVSS Score

9.8

EPSS Score

0.852

Published

2021-11-29

CVE-2020-15721

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.

CVSS Score

6.1

EPSS Score

0.004

Published

2020-07-14

Page 2

Vulnerabilities

Vulnerable Software

Rosariosis: >> Rosariosis >> 5.0.1 Security Vulnerabilities

Products

Pricing

Contact Us