CVE-2025-63742

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT

Description

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid parameters.

rainrocka/xinhu
rainrocka/xinhu
信呼,免费开源的办公OA系统,包括APP,pc上客户端,REIM即时通信,服务端等,让每个企业单位都有自己的办公系统。
GitHubGitHub
126