Total: 6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-20593 | 1 Rockoa | 1 Rockoa | 2021-12-28 | 6.0 MEDIUM | 8.0 HIGH | A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. |
CVE-2020-18714 | 1 Rockoa | 1 Rockoa | 2021-02-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function. |
CVE-2020-18716 | 1 Rockoa | 1 Rockoa | 2021-02-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php. |
CVE-2020-18713 | 1 Rockoa | 1 Rockoa | 2021-02-05 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php. |
CVE-2020-21147 | 1 Rockoa | 1 Rockoa | 2021-01-29 | 3.5 LOW | 4.8 MEDIUM | RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering. |
CVE-2019-9846 | 1 Rockoa | 1 Rockoa | 2019-07-05 | 4.0 MEDIUM | 8.8 HIGH | RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection. |