CVE-2021-44427 · SQL injection in RosarioSIS (PostgreSQL backend)
Name of the Vulnerable Software and Affected Versions:
RosarioSIS (Rosario Student Information System) versions before 8.1.1
Description:
The `syear` request parameter of the /Side.php endpoint is used in a PostgreSQL query without adequate validation or parameterization. A remote attacker who controls that parameter can therefore inject arbitrary SQL and execute PostgreSQL statements such as SELECT, INSERT, UPDATE and DELETE, giving unauthorized read and write access to the application database.
Recommendations:
Installations running a version before 8.1.1 should update to 8.1.1 or later, which resolves the issue.
As a temporary workaround until the update is applied, restrict access to the /Side.php endpoint (for example, to trusted networks only) to reduce exposure.
If the endpoint cannot be blocked, reject at the web server, reverse proxy or WAF layer any request whose `syear` value is not a plain four-digit year; the parameter is only expected to carry a school year, so anything else is an attack attempt.
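The following PHP is an added illustration of the class of bug described above and of the fix the recommendations call for; it is not RosarioSIS code and does not reproduce the project's actual patch. Only the parameter name `syear` and the endpoint come from the advisory; the table, column, function names and the constructed malicious value are assumptions. It shows a query that interpolates the request value into SQL text beside a hardened version that validates the value as a year and binds it with pg_query_params.

```php
<?php
// Added illustration, not RosarioSIS code. The parameter name `syear` comes
// from the advisory; the table, column and function names are assumptions.

// Hypothetical vulnerable pattern: the request value is concatenated into
// the statement text. A value such as  2021; DELETE FROM students; --
// becomes part of the SQL, so the attacker chooses which statement runs.
function build_query_vulnerable(string $syear): string
{
    return "SELECT * FROM school_years WHERE syear = " . $syear;
}

// Hardened step 1: accept only a plain four-digit year. Anything else is
// refused before it can reach the database.
function validate_syear(string $syear): ?int
{
    if (!preg_match('/^\d{4}$/', $syear)) {
        return null;
    }
    return (int) $syear;
}

// Hardened step 2: pass the validated value as a bound parameter ($1).
// The driver sends it separately from the statement text, so it can never
// alter the structure of the query even if validation were bypassed.
function query_school_year($db, string $syear): ?array
{
    $year = validate_syear($syear);
    if ($year === null) {
        http_response_code(400);      // reject the request outright
        return null;
    }
    $res = pg_query_params(
        $db,
        'SELECT * FROM school_years WHERE syear = $1',
        [$year]
    );
    return $res === false ? null : pg_fetch_all($res);
}

// Demonstration that needs no database: a constructed malicious value.
$malicious = "2021; DELETE FROM students; --";
echo "vulnerable SQL: " . build_query_vulnerable($malicious) . PHP_EOL;
var_dump(validate_syear($malicious));   // NULL: request would be rejected
var_dump(validate_syear("2021"));       // int(2021): passed on as a parameter
```

The validation step is the same check the workaround above asks a web server or WAF to enforce; the parameterized query is what the application itself should do so that the check is defence in depth rather than the only barrier.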