CVE-2021-44567: 
PHP vulnerability analysis and mitigation

An unauthenticated SQL Injection vulnerability (CVE-2021-44567) was discovered in RosarioSIS versions before 7.6.1. The vulnerability exists in the votes parameter within ProgramFunctions/PortalPollsNotes.fnc.php. This security flaw was disclosed on February 24, 2022, and received a CVSS v3.1 base score of 9.8 (Critical) (NVD).

The vulnerability stems from insufficient sanitization of user input in the PortalPollsVote function. While the system sanitizes $REQUEST array values, it fails to properly sanitize array keys and direct $POST inputs. The vulnerability specifically occurs when HTTP POST parameter keys are directly inserted into SQL queries without proper validation (GitLab Issue). The CVSS v3.1 vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The vulnerability allows attackers to execute arbitrary SQL commands on the underlying database. This can lead to unauthorized data access, data manipulation, and potential creation of new database structures. Attackers could potentially modify user credentials, including administrative passwords, and create new database tables (GitLab Issue).

The vulnerability was patched in RosarioSIS version 7.6.1. The fix includes proper sanitization of input parameters and moving the Portal Poll vote code to modfunc (RosarioSIS Commit). Users are strongly advised to upgrade to version 7.6.1 or later to address this security issue.