exploitDog

GHSA-jjcj-frhf-qphh

Опубликовано: 09 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint.

An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint.

Ссылки

EPSS

Процентиль: 9%

0.00032

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-284

Связанные уязвимости

CVE-2025-63739

CVSS3: 4.3

nvd

2 месяца назад

An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint.

EPSS

Процентиль: 9%

0.00032

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-284