Skip to main content

Rosariosis CVE-2023-0994

HIGH
Information Exposure (CWE-200)
2023-02-24 security@huntr.dev
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 24, 2023 - 02:15 nvd
HIGH 7.5

DescriptionNVD

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.

AnalysisAI

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. Affected products include: Rosariosis. Version information: prior to 10.8.2..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2021-44427 CRITICAL POC
9.8 Nov 29

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allow

CVE-2022-2067 CRITICAL POC
9.1 Jun 13

SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. Rated critical severity (CVSS 9.1), this vul

CVE-2021-45416 MEDIUM POC
6.1 Feb 01

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the

CVE-2020-15718 MEDIUM POC
6.1 Jul 15

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php sc

CVE-2020-15716 MEDIUM POC
6.1 Jul 15

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php scrip

CVE-2022-2714 CRITICAL
9.8 Sep 06

Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. Rated

CVE-2023-29918 MEDIUM POC
5.4 May 02

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. Rated medium severity (CVSS 5.4), this vulnerab

CVE-2022-3072 MEDIUM POC
5.4 Sep 01

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. Rated medium severit

CVE-2022-2036 MEDIUM POC
5.4 Jun 09

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. Rated medium severit

CVE-2022-1997 MEDIUM POC
5.4 Jun 08

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. Rated medium severity

CVE-2023-2665 HIGH
7.5 May 12

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to

CVE-2023-2202 MEDIUM
6.5 Apr 21

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. Rated medium severity (CVSS 6.5

Share

CVE-2023-0994 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy