CVE-2021-44567

Name: CVE-2021-44567
Creator: NVD / NIST
Published: 2022-02-24T15:15:24.193+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 23.67%

Last modified Jun 17, 2026

CVE-2021-44567 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.. EPSS estimates a 23.67% chance of exploitation in the next 30 days.

Description

An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

23.67%

97.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-89

Affected Software

Vendor	Product	Versions
Rosariosis	Rosariosis	< 7.6.1

References

https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761Release Notes, Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bca76f9c95a081eaaPatch, Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016Patch, Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/issues/308Exploit, Issue Tracking, Patch, Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761Release Notes, Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bca76f9c95a081eaaPatch, Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016Patch, Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/issues/308Exploit, Issue Tracking, Patch, Third Party Advisory

Timeline

Published: Feb 24, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-44567?

An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.

How severe is CVE-2021-44567?

CVE-2021-44567 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 23.67% probability of exploitation in the next 30 days.

How do I fix CVE-2021-44567?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-44567?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST