A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-08-29
Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-12-13
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php
CVSS Score
9.8
EPSS Score
0.006
Published
2021-02-05
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-02-05
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-02-05