📦 Rockoa
by Rockoa
⚠️ Known Vulnerabilities
This SQL injection vulnerability in Xinhu Rainrock RockOA allows attackers to execute arbitrary SQL commands through the shouji and userid parameters. Attackers can extract sensitive data including ad...
CVE-2023-49363 is a critical SQL injection vulnerability in Rockoa versions before 2.3.3 that allows attackers to execute arbitrary SQL commands. This affects all organizations using vulnerable Rockoa...
CVE-2020-18714 is a critical SQL injection vulnerability in Rockoa v1.8.7 that allows remote attackers to execute arbitrary SQL commands through the wordModel.php file. This can lead to privilege esca...
CVE-2020-18716 is a critical SQL injection vulnerability in Rockoa v1.8.7 that allows remote attackers to execute arbitrary SQL commands through insufficient parameter filtering in wordAction.php. Thi...
This CSRF vulnerability in Rockoa v1.9.8 allows authenticated attackers to create unauthorized administrator accounts by tricking legitimate users into submitting malicious requests. It affects all Ro...
This vulnerability in Xinhu Rainrock RockOA 2.7.0 allows attackers to access sensitive system information through the phpinfo() function by manipulating the 'a' parameter in index.php. This affects al...
This vulnerability allows authenticated users in Xinhu Rainrock RockOA 2.7.0 to modify PHP configuration files through a specific endpoint. Attackers could alter PHP settings to weaken security contro...
This SQL injection vulnerability in Xinhu Rainrock RockOA 2.7.0 allows attackers to execute arbitrary SQL commands via the actstr parameter in the getselectdataAjax function. Attackers can extract sen...
A cross-site scripting (XSS) vulnerability in Xinhu Rainrock RockOA 2.7.0 allows attackers to inject malicious scripts via the 'm' parameter in the task.php endpoint. This affects all users of RockOA ...