6 matches found
CVE-2025-63742
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...
CVE-2025-63742
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...
PT-2025-50100
Name of the Vulnerable Software and Affected Versions Xinhu Rainrock RockOA version 2.7.0 Description A SQL Injection issue exists in the setwxqyAction function within the webmain/task/api/loginAction.php file. This allows attackers to obtain sensitive information, including administrator account...
CVE-2025-63742
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...
CVE-2025-63742
Xinhu Rainrock RockOA 2.7.0 is identified as vulnerable to a SQL injection in function setwxqyAction of webmain/task/api/loginAction.php, exploitable via the shouji and userid parameters. The issue could reveal administrator accounts, password hashes, database structure, and other sensitive data....
Xinhu RockOA 安全漏洞
Xinhu RockOA is an office OA system of China Xinhu Company. A security vulnerability exists in Xinhu RockOA version 2.7.0, which originates from the incorrect operation of the function setwxqyAction in the file webmain/task/api/loginAction.php on the parameters shouji and userid, which could lead...