An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
CPE | Name | Operator | Version |
---|---|---|---|
rosariosis | eq | 6.8 | |
rosariosis | eq | 2.1.1 | |
rosariosis | eq | 5.0-beta4 | |
rosariosis | eq | 2.8.1 | |
rosariosis | eq | 5.4.1 | |
rosariosis | eq | 5.6.4 | |
rosariosis | eq | 2.8.8 | |
rosariosis | eq | 5.7.2 | |
rosariosis | eq | 2.8.12 | |
rosariosis | eq | 2.8.25 |