CVE-2023-1501
- EPSS 0.08%
- Veröffentlicht 19.03.2023 20:15:19
- Zuletzt bearbeitet 21.11.2024 07:39:19
A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate th...
- EPSS 0.11%
- Veröffentlicht 22.12.2021 23:15:07
- Zuletzt bearbeitet 21.11.2024 05:12:09
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.
CVE-2020-18716
- EPSS 0.51%
- Veröffentlicht 05.02.2021 14:15:15
- Zuletzt bearbeitet 21.11.2024 05:08:44
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
CVE-2020-18714
- EPSS 0.51%
- Veröffentlicht 05.02.2021 14:15:15
- Zuletzt bearbeitet 21.11.2024 05:08:44
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
CVE-2020-18713
- EPSS 0.62%
- Veröffentlicht 05.02.2021 14:15:15
- Zuletzt bearbeitet 21.11.2024 05:08:44
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php
CVE-2020-21147
- EPSS 0.22%
- Veröffentlicht 26.01.2021 18:15:42
- Zuletzt bearbeitet 21.11.2024 05:12:28
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict fi...
CVE-2019-9846
- EPSS 0.23%
- Veröffentlicht 28.06.2019 16:15:09
- Zuletzt bearbeitet 21.11.2024 04:52:25
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection.