A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-08-29
Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-12-13
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-06-28