SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function
CVSS Score
6.8
EPSS Score
0.001
Published
2025-03-18
SQL Injection exits in xinhu < 2.5.0
CVSS Score
7.5
EPSS Score
0.001
Published
2022-12-19
rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-12-26