CVE-2021-44427

Name of the Vulnerable Software and Affected Versions: Rosario Student Information System versions prior to 8.1.1

Description: The issue allows remote attackers to execute PostgreSQL statements, such as SELECT, INSERT, UPDATE, and DELETE, through the /Side.php endpoint via the syear parameter. This enables unauthorized access to database operations.

Recommendations: For versions prior to 8.1.1, update to version 8.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the /Side.php endpoint to minimize the risk of exploitation. Avoid using the syear parameter in the affected endpoint until the issue is resolved.