Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Rockoa Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-45041 1 Rockoa 1 Xinhu 2022-12-23 N/A 7.5 HIGH
SQL Injection exits in xinhu < 2.5.0
CVE-2020-20593 1 Rockoa 1 Rockoa 2021-12-28 6.0 MEDIUM 8.0 HIGH
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.
CVE-2020-18714 1 Rockoa 1 Rockoa 2021-02-05 7.5 HIGH 9.8 CRITICAL
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
CVE-2020-18716 1 Rockoa 1 Rockoa 2021-02-05 7.5 HIGH 9.8 CRITICAL
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
CVE-2020-18713 1 Rockoa 1 Rockoa 2021-02-05 7.5 HIGH 9.8 CRITICAL
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php
CVE-2020-21147 1 Rockoa 1 Rockoa 2021-01-29 3.5 LOW 4.8 MEDIUM
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.
CVE-2020-35388 1 Rockoa 1 Xinhu 2020-12-29 5.0 MEDIUM 7.5 HIGH
rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true.
CVE-2019-9846 1 Rockoa 1 Rockoa 2019-07-05 4.0 MEDIUM 8.8 HIGH
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection.