GHSA-wf5p-f5xr-c4jj

Suggest an improvement
Source
https://github.com/advisories/GHSA-wf5p-f5xr-c4jj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-wf5p-f5xr-c4jj/GHSA-wf5p-f5xr-c4jj.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-wf5p-f5xr-c4jj
Aliases
Published
2021-12-02T17:48:53Z
Modified
2023-11-01T04:56:48.882966Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
SQL Injection in rosariosis
Details

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.

Database specific
{
    "nvd_published_at": "2021-11-29T22:15:00Z",
    "github_reviewed_at": "2021-12-01T21:03:52Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-89"
    ]
}
References

Affected packages

Packagist / francoisjacquet/rosariosis

Package

Name
francoisjacquet/rosariosis
Purl
pkg:composer/francoisjacquet/rosariosis

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.1

Affected versions

v5.*

v5.0-beta3
v5.0-beta4
v5.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.1-beta
v5.1
v5.1.1
v5.2-beta
v5.2
v5.3-beta
v5.3
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.4-beta
v5.4
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.4.5
v5.4.6
v5.4.7
v5.5-beta
v5.5-beta2
v5.5-beta3
v5.5
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.6-beta
v5.6
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.7
v5.7.1
v5.7.2
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.7.7
v5.8-beta
v5.8-beta2
v5.8-beta3
v5.8-beta4
v5.8-beta5
v5.8
v5.8.1
v5.9-beta2
v5.9-beta3
v5.9
v5.9.1
v5.9.2
v5.9.3
v5.9.4
v5.9.5
v5.9.6

v6.*

v6.0-beta
v6.0
v6.1
v6.2
v6.2.1
v6.2.2
v6.2.3
v6.3
v6.4
v6.4.1
v6.4.2
v6.5
v6.5.1
v6.5.2
v6.6
v6.6.1
v6.7
v6.7.1
v6.7.2
v6.8-beta
v6.8
v6.8.1
v6.9-beta
v6.9
v6.9.1
v6.9.2
v6.9.3
v6.9.4

v7.*

v7.0-beta
v7.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.1
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.2
v7.2.1
v7.2.2
v7.2.3
v7.2.4
v7.3
v7.3.1
v7.4
v7.5
v7.6
v7.6.1
v7.7
v7.8
v7.8.1
v7.8.2
v7.8.3
v7.8.4
v7.9
v7.9.1
v7.9.2
v7.9.3

v8.*

v8.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.1