4 matches found
RosarioSIS 7.6 - SQL Injection
Exploit Title: RosarioSIS 7.6 - SQL Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 7.6 Tested on: Ubuntu Windows CVE : CVE-2021-44567 PoC: POST...
📄 RosarioSIS SQL Injection
RosarioSIS versions prior to 7.6.1 suffer from a remote unauthenticated SQL injection vulnerability. Exploit Title: RosarioSIS $votesarray && if ! empty $votesarray && PortalPollsVote $pollid, $votesarray votes'; CREATE TABLE aaat text --=1...
CVE-2021-44567
creationtimestamp| type| source ---|---|--- 2022-02-24 18:21:25+00:00| seen| https://t.me/cibsecurity/38019 2025-04-11 05:35:40+00:00| seen| https://bsky.app/profile/nimblenerd.social/post/3lmjcddkckn2o 2025-04-12 21:02:17+00:00| seen|...
CVE-2021-44567
CVE-2021-44567 affects RosarioSIS, prior to 7.6.1. An unauthenticated SQL injection is exposed via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php, allowing arbitrary query execution. The vulnerability is demonstrated in public advisories and exploit sources (e.g., Proof-of-Conce...