DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-49363 SQL Injection vulnerability in Rockoa
Rockoa <2.3.3 is vulnerable to SQL Injection.
network
low complexity
rockoa CWE-89
critical
9.8
2023-09-29 CVE-2023-5296 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Rockoa 1.1/15.X3Amdi/2.3.2
A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic.
network
low complexity
rockoa CWE-640
7.5
2023-09-29 CVE-2023-5297 Files or Directories Accessible to External Parties vulnerability in Rockoa 2.3.2
A vulnerability was found in Xinhu RockOA 2.3.2.
network
low complexity
rockoa CWE-552
7.5
2023-03-31 CVE-2023-1773 Code Injection vulnerability in Rockoa 2.3.2
A vulnerability was found in Rockoa 2.3.2.
network
low complexity
rockoa CWE-94
critical
9.8
2023-03-19 CVE-2023-1501 Unrestricted Upload of File with Dangerous Type vulnerability in Rockoa 2.3.2
A vulnerability, which was classified as critical, was found in RockOA 2.3.2.
network
low complexity
rockoa CWE-434
8.8
2021-12-22 CVE-2020-20593 Cross-Site Request Forgery (CSRF) vulnerability in Rockoa 1.9.8
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.
network
rockoa CWE-352
6.0
2021-02-05 CVE-2020-18716 SQL Injection vulnerability in Rockoa 1.8.7
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
network
low complexity
rockoa CWE-89
7.5
2021-02-05 CVE-2020-18714 SQL Injection vulnerability in Rockoa 1.8.7
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
network
low complexity
rockoa CWE-89
7.5
2021-02-05 CVE-2020-18713 SQL Injection vulnerability in Rockoa 1.8.7
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php.
network
low complexity
rockoa CWE-89
7.5
2021-01-26 CVE-2020-21147 Cross-site Scripting vulnerability in Rockoa 1.9.8
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.
network
rockoa CWE-79
3.5