CVE-2025-63740

Published
View on NVD ↗
CVSS v3
4.3
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

SQL Injection vulnerability in function getselectdataAjax in file inputAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the actstr parameter.

rainrocka/xinhu
rainrocka/xinhu
信呼,免费开源的办公OA系统,包括APP,pc上客户端,REIM即时通信,服务端等,让每个企业单位都有自己的办公系统。
GitHubGitHub
126