Описание
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid parameters.
Ссылки
- ExploitThird Party AdvisoryIssue Tracking
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:rockoa:rockoa:2.7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 11%
0.00039
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
2 месяца назад
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid parameters.
EPSS
Процентиль: 11%
0.00039
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89