Skip to main content

Rockoa

7 CVEs product

Monthly

CVE-2024-6939 MEDIUM POC This Month

A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rockoa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2023-49363 CRITICAL Act Now

Rockoa <2.3.3 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Rockoa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5297 HIGH POC This Week

A vulnerability was found in Xinhu RockOA 2.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Rockoa
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-5296 HIGH POC This Week

A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Rockoa
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-1773 CRITICAL Act Now

A vulnerability was found in Rockoa 2.3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection PHP Rockoa
NVD VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-1501 HIGH POC This Week

A vulnerability, which was classified as critical, was found in RockOA 2.3.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Rockoa
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-9846 HIGH POC This Week

RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rockoa
NVD
CVSS 3.0
8.8
EPSS
1.7%
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rockoa
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Rockoa <2.3.3 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Rockoa
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A vulnerability was found in Xinhu RockOA 2.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Rockoa
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Rockoa
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in Rockoa 2.3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection PHP +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, was found in RockOA 2.3.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Rockoa
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rockoa
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy