Vulnerabilities > Rockoa > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-31 CVE-2024-7327 SQL Injection vulnerability in Rockoa Xinhu 2.6.2
A vulnerability classified as critical was found in Xinhu RockOA 2.6.2.
network
low complexity
rockoa CWE-89
8.8
8.8
2023-09-29 CVE-2023-5296 Unspecified vulnerability in Rockoa 1.1/15.X3Amdi/2.3.2
A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic.
network
low complexity
rockoa
7.5
7.5
2023-09-29 CVE-2023-5297 Files or Directories Accessible to External Parties vulnerability in Rockoa 2.3.2
A vulnerability was found in Xinhu RockOA 2.3.2.
network
low complexity
rockoa CWE-552
7.5
7.5
2023-03-19 CVE-2023-1501 Unspecified vulnerability in Rockoa 2.3.2
A vulnerability, which was classified as critical, was found in RockOA 2.3.2.
network
low complexity
rockoa
8.8
8.8
2022-12-19 CVE-2022-45041 SQL Injection vulnerability in Rockoa Xinhu
SQL Injection exits in xinhu < 2.5.0
network
low complexity
rockoa CWE-89
7.5
7.5
2021-12-22 CVE-2020-20593 Cross-Site Request Forgery (CSRF) vulnerability in Rockoa 1.9.8
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.
network
low complexity
rockoa CWE-352
8.0
8.0
2020-12-26 CVE-2020-35388 Unspecified vulnerability in Rockoa Xinhu 2.1.9
rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true.
network
low complexity
rockoa
7.5
7.5
2019-06-28 CVE-2019-9846 SQL Injection vulnerability in Rockoa
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection.
network
low complexity
rockoa CWE-89
8.8
8.8