Shodan
Vulnerabilities
Vulnerable Software
Rockoa:  >> Rockoa  >> 2.7.0  Security Vulnerabilities
CVE-2025-63738
An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-09
CVE-2025-63739
An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-09
CVE-2025-63740
SQL Injection vulnerability in function getselectdataAjax in file inputAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the actstr parameter.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-09
CVE-2025-63742
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid parameters.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-12-09
CVE-2025-63737
Cross-site scripting (XSS) vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved