Rockoa: Security Vulnerabilities
SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function
CVSS Score
6.8
EPSS Score
0.002
Published
2025-03-18
RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-10-23
A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-07-31
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at /flow/flow.php.
CVSS Score
6.1
EPSS Score
0.006
Published
2024-06-17
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tpl_kaoqin_locationchange.html component.
CVSS Score
6.1
EPSS Score
0.006
Published
2024-06-17
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. component.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-06-17
Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-12-13
xinhu xinhuoa 2.2.1 contains a File upload vulnerability.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-06
A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240926 is the identifier assigned to this vulnerability.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-09-29
A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927.
CVSS Score
3.7
EPSS Score
0.001
Published
2023-09-29
Page 1