RosarioSIS is a student information system. Used to manage students, create reports and make sound decisions, a SQL injection vulnerability exists in versions of RosarioSIS prior to 9.0, which stems from the application’s lack of validation of externally entered SQL statements. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive data from the database.