francoisjacquet/rosariosis is vulnerable to SQL injection. It does not escape the input DB identifier in RegistrationSave.fnc.php, Calendar.php, MarkingPeriods.php, SchoolFields.php, AddressFields.php, PeopleFields.php, StudentFields.php & UserFields.php, allowing an attacker to inject malicious SQL query.