Vulnerabilities for 'Rockoa'

2021-12-22
 
CVE-2020-20593

CWE-352
 

 
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.

 
2021-02-05
 
CVE-2020-18716

CWE-89
 

 
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.

 
 
CVE-2020-18714

CWE-89
 

 
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.

 
 
CVE-2020-18713

CWE-89
 

 
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php.

 
2021-01-26
 
CVE-2020-21147

CWE-79
 

 
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.

 
2019-06-28
 
CVE-2019-9846

 

 
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection.

 

Vendor: Rockoa (2 products)
Rockoa
Xinhu


Copyright 2024, cxsecurity.com

 
