RSS   Vulnerabilities for 'Rocboss'   RSS

2019-04-20
 
CVE-2019-11362

CWE-89
 

 
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.

 


Copyright 2024, cxsecurity.com

 

Back to Top