9 matches found
CVE-2023-1501
A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclos...
GHSA-GQ63-P39P-JRJF Withdrawn: SQL injection in Yii 2
Withdrawn Advisory: This advisory has been withdrawn because the issue originates from a product built on Yii2, not the Yii2 Framework itself. This link is maintained to preserve external references. Original Description: SQL injection vulnerability found in Yii Framework Yii 2 Framework before...
CVE-2023-26750
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework...
Yii SQL Injection Vulnerability
Yii is a component-based, high-performance PHP framework developed by the Yii team for building large-scale web applications. A SQL injection vulnerability exists in Yii 2 Framework v.2.0.47 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary code...
PT-2023-20778 · Unknown · Yii 2 Framework
Name of the Vulnerable Software and Affected Versions: Yii 2 Framework versions prior to 2.0.47 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the runAction function. The software maintainer disputes that the vulnerability is in the framework itself,...
CVE-2023-1501
A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclos...
CVE-2023-1501 RockOA acloudCosAction.php.SQL runAction unrestricted upload
A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclos...
PT-2023-17037 · Rockoa · Rockoa
Name of the Vulnerable Software and Affected Versions: RockOA version 2.3.2 Description: A critical issue was found in the runAction function of the file acloudCosAction.php.SQL. The manipulation of the fileid argument leads to unrestricted upload. It is possible to initiate the attack remotely...
RockOA Code Issue Vulnerability
RockOA Xinhuo is an open source office automation (OA) system. RockOA version 2.3.2 contains a code issue vulnerability that stems from the runAction function of the file acloudCosAction.php.SQL: its handling of the fileid parameter leads to unrestricted uploads...