CVE-2021-44567

Name of the Vulnerable Software and Affected Versions RosarioSIS versions prior to 7.6.1

Description An unauthenticated SQL Injection issue exists via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.

Recommendations For versions prior to 7.6.1, update to version 7.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable ProgramFunctions/PortalPollsNotes.fnc.php file until a patch is applied. Avoid using the votes parameter in the affected function until the issue is resolved.