Lucene search

CVE-2024-7327

🗓️ 31 Jul 2024 22:02:15Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 34 Views🌐 WEB

Critical sql injection vulnerability in Xinhu RockOA 2.6.

Reporter	Title	Published	Views	Family All 3
Vulnrichment	CVE-2024-7327 Xinhu RockOA openmodhetongAction.php dataAction sql injection	31 Jul 202422:00	–	vulnrichment
Cvelist	CVE-2024-7327 Xinhu RockOA openmodhetongAction.php dataAction sql injection	31 Jul 202422:00	–	cvelist
NVD	CVE-2024-7327	31 Jul 202422:15	–	nvd

Nvd

Vulners

Vulnrichment

Node

rockoa xinhuMatch2.6.2

[
  {
    "vendor": "Xinhu",
    "product": "RockOA",
    "versions": [
      {
        "version": "2.6.2",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
wiki	www.wiki.shikangsi.com/post/share/789dad54-851b-4ec6-a1f6-11271e30db71
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
nickName	query param	/webmain/task/openapi/openmodhetongAction.php	SQL Injection vulnerability in the nickName parameter of openmodhetongAction.php.	CWE-89

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 Jul 2024 22:15Current

6.8Medium risk

Vulners AI Score6.8

CVSS26.5

CVSS36.3 - 8.8

CVSS45.3

EPSS0.00198

SSVC

CWE-89