17 Total Results
Displaying 11-17 of 17
Attacker Value: Unknown
CVE-2020-20593
Disclosure Date: December 22, 2021 (last updated February 23, 2025)
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.
Attacker Value: Unknown
CVE-2020-18716
Disclosure Date: February 05, 2021 (last updated February 22, 2025)
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
Attacker Value: Unknown
CVE-2020-18714
Disclosure Date: February 05, 2021 (last updated February 22, 2025)
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
Attacker Value: Unknown
CVE-2020-18713
Disclosure Date: February 05, 2021 (last updated February 22, 2025)
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php.
Attacker Value: Unknown
CVE-2020-21147
Disclosure Date: January 26, 2021 (last updated February 22, 2025)
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.
Attacker Value: Unknown
CVE-2020-35388
Disclosure Date: December 26, 2020 (last updated November 28, 2024)
rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true.
Attacker Value: Unknown
CVE-2019-9846
Disclosure Date: June 28, 2019 (last updated November 27, 2024)
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection.