8.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.0%
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection.
www.seebug.org/vuldb/ssvid-97861