Improper Handling of Length Parameter Inconsistency in francoisjacquet/rosariosis
Description
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
RosarioSIS before 10.0 improperly handles inconsistent length parameters, enabling denial of service via oversized POST data.
Vulnerability
Overview
CVE-2022-2714 describes an improper handling of length parameter inconsistency in the RosarioSIS student information system, affecting versions prior to 10.0 [1][2]. The root cause is that the application did not enforce a maximum size limit on $_POST data, which could include very large values in fields such as textareas. Without a limit, an attacker could submit an excessively large POST request, leading to resource exhaustion or potential database issues [3].
Exploitation
Details
Exploitation requires the ability to send HTTP POST requests to the application, which is typically possible from any network position capable of reaching the web interface. No authentication is explicitly required for this vulnerability, as it affects the handling of incoming POST data before any authorization checks. The official fix, implemented in commit 4022954c3f41462bf6225c302a28b0429f6f4df3, introduces a new constant ROSARIO_POST_MAX_SIZE_LIMIT defaulting to 16MB and a validation routine that rejects requests exceeding this limit [3][4].
Impact
Assessment
A successful exploit allows an unauthenticated attacker to cause a denial of service by submitting POST data larger than the application can handle. This could lead to memory exhaustion, server slowdown, or database connection errors, effectively disrupting service for legitimate users. The severity is rated as high (CVSS 7.5) due to the low attack complexity and lack of required privileges [2].
Mitigation
Status
The vulnerability is fixed in RosarioSIS version 10.0 by implementing a configurable POST size limit of 16MB, preventing attacks that rely on oversized payloads [3]. Users running versions prior to 10.0 should upgrade immediately. There is no evidence that this CVE is listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
francoisjacquet/rosariosisPackagist | < 10.1 | 10.1 |
Affected products
2- francoisjacquet/francoisjacquet/rosariosisv5Range: unspecified
Patches
14022954c3f41Limit $_POST array size to a maximum of 16MB
2 files changed · +45 −0
CHANGES.md+1 −0 modified@@ -94,6 +94,7 @@ Changes in 10.0 - MySQL use LONGTEXT type for textarea field in Fields.fnc.php & DisciplineForm.php - SQL Check requested assignment belongs to teacher in Assignments.php - CSS fix responsive when really long string with no space in stylesheet.css +- Limit `$_POST` array size to a maximum of 16MB in Warehouse.php Changes in 9.3.1 ----------------
Warehouse.php+44 −0 modified@@ -286,6 +286,50 @@ function array_rwalk( &$array, $function ) } } +/** + * Limit $_POST array size to a maximum of 16MB + * + * $_POST array size is limited by PHP post_max_size configuration option + * But this includes $_FILES as well & post_max_size must be greater than upload_max_filesize + * One may want to be able to upload a 100MB file, but may not want the $_POST var, + * with for example the text or HTML of a textarea to be 100MB and later stored in database. + */ +if ( ! defined( 'ROSARIO_POST_MAX_SIZE_LIMIT' ) ) +{ + /** + * Fix a limit of 16MB based on MySQL max_allowed_packet default limit + * Limit size can be overriden in the config.inc.php file + */ + define( 'ROSARIO_POST_MAX_SIZE_LIMIT', 16 * 1024 * 1024 ); // 16MB in bytes. +} + +if ( $_POST + && strlen( serialize( $_POST ) ) > ROSARIO_POST_MAX_SIZE_LIMIT ) +{ + $post_max_size_limit = function( $value ) { + if ( strlen( $value ) > ( ROSARIO_POST_MAX_SIZE_LIMIT / 4 ) ) + { + // Reset value > limit / 4, or else we would send it in the HackingLog email! + return 'ROSARIO_POST_MAX_SIZE_LIMIT / 4 reached.'; + } + + return $value; + }; + + array_rwalk( $_POST, $post_max_size_limit ); + + array_rwalk( $_REQUEST, $post_max_size_limit ); + + require_once 'ProgramFunctions/HackingLog.fnc.php'; + + // Do not translate. + $error[] = 'You are submitting too much data: over the ' . + ( ROSARIO_POST_MAX_SIZE_LIMIT / 1024 / 1024 ) . + 'M limit. Try reducing the data you are submitting.'; + + HackingLog(); +} + /** * Sanitize $_REQUEST array * ($_POST + $_GET)
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-vh4m-mw8w-g4w8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-2714ghsaADVISORY
- github.com/francoisjacquet/rosariosis/commit/4022954c3f41462bf6225c302a28b0429f6f4df3ghsax_refsource_MISCWEB
- huntr.dev/bounties/430aedac-c7d9-4acb-9bab-bcc0595d9e95ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.