CVE-2025-63740

SQL Injection vulnerability in function getselectdataAjax in file inputAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the actstr parameter...

PT-2025-50099

Name of the Vulnerable Software and Affected Versions Xinhu Rainrock RockOA version 2.7.0 Description A SQL Injection issue exists in the getselectdataAjax function within the inputAction.php file. This allows attackers to obtain sensitive information, including administrator accounts, password...

Xinhu RockOA 安全漏洞

Xinhu RockOA is an office OA system of China Xinhu Company. A security vulnerability exists in Xinhu RockOA version 2.7.0, which originates from the incorrect operation of the function getselectdataAjax on the parameter actstr in the file inputAction.php, which may lead to a SQL injection attack...

CVE-2024-57151

SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function...

CVE-2024-57151

SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function...

CVE-2024-57151

SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function...

CVE-2024-57151

CVE-2024-57151 describes a SQL injection in Xinhu RockOA (rainrocka xinhu) v2.6.5 and earlier, via the inputAction.php file and the saveAjax function. The issue enables a remote attacker to execute arbitrary code, as documented in multiple sources referencing Xinhu RockOA 2.6.5 and earlier. The p...