Skip to main content

Rosariosis CVE-2022-2067

CRITICAL
SQL Injection (CWE-89)
2022-06-13 security@huntr.dev
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 13, 2022 - 13:15 nvd
CRITICAL 9.1

DescriptionNVD

SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.

AnalysisAI

SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. Affected products include: Rosariosis. Version information: prior to 9.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2021-44427 CRITICAL POC
9.8 Nov 29

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allow

CVE-2023-0994 HIGH POC
7.5 Feb 24

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8

CVE-2021-45416 MEDIUM POC
6.1 Feb 01

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the

CVE-2020-15718 MEDIUM POC
6.1 Jul 15

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php sc

CVE-2020-15716 MEDIUM POC
6.1 Jul 15

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php scrip

CVE-2022-2714 CRITICAL
9.8 Sep 06

Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. Rated

CVE-2023-29918 MEDIUM POC
5.4 May 02

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. Rated medium severity (CVSS 5.4), this vulnerab

CVE-2022-3072 MEDIUM POC
5.4 Sep 01

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. Rated medium severit

CVE-2022-2036 MEDIUM POC
5.4 Jun 09

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. Rated medium severit

CVE-2022-1997 MEDIUM POC
5.4 Jun 08

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. Rated medium severity

CVE-2023-2665 HIGH
7.5 May 12

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to

CVE-2023-2202 MEDIUM
6.5 Apr 21

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. Rated medium severity (CVSS 6.5

Share

CVE-2022-2067 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy