Rockoa: Security Vulnerabilities
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php
CVSS Score
9.8
EPSS Score
0.006
Published
2021-02-05
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-02-05
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-02-05
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-01-26
rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-12-26
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-06-28
Page 3