exploitDog

GHSA-rgr3-x338-g7mc

Опубликовано: 09 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid parameters.

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid parameters.

Ссылки

EPSS

Процентиль: 13%

0.00044

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2025-63742

CVSS3: 9.8

nvd

2 месяца назад

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid parameters.

EPSS

Процентиль: 13%

0.00044

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89