Vulnerabilities > Rockoa

DATE CVE VULNERABILITY TITLE RISK
2021-12-22 CVE-2020-20593 Cross-Site Request Forgery (CSRF) vulnerability in Rockoa 1.9.8
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.
network
low complexity
rockoa CWE-352
8.0
2021-02-05 CVE-2020-18716 SQL Injection vulnerability in Rockoa 1.8.7
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
network
low complexity
rockoa CWE-89
critical
9.8
2021-02-05 CVE-2020-18714 SQL Injection vulnerability in Rockoa 1.8.7
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
network
low complexity
rockoa CWE-89
critical
9.8
2021-02-05 CVE-2020-18713 SQL Injection vulnerability in Rockoa 1.8.7
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php.
network
low complexity
rockoa CWE-89
critical
9.8
2021-01-26 CVE-2020-21147 Cross-site Scripting vulnerability in Rockoa 1.9.8
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.
network
low complexity
rockoa CWE-79
4.8
2020-12-26 CVE-2020-35388 Unspecified vulnerability in Rockoa Xinhu 2.1.9
rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true.
network
low complexity
rockoa
7.5
2019-06-28 CVE-2019-9846 SQL Injection vulnerability in Rockoa
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection.
network
low complexity
rockoa CWE-89
8.8