CVE-2023-49363
https://notcve.org/view.php?id=CVE-2023-49363
Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php. Rockoa en versiones < 2.3.3 es vulnerable a la inyección SQL. El problema existe en el método indexAction en reimpAction.php. • https://github.com/wednesdaygogo/Vulnerability-recurrence/blob/main/rockoa%20less%20than%202.3.3%20sql%20injection%20vulnerability.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-5296 – Xinhu RockOA Password password recovery
https://notcve.org/view.php?id=CVE-2023-5296
A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. • https://github.com/magicwave18/vuldb/issues/1 https://vuldb.com/?ctiid.240926 https://vuldb.com/?id.240926 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVE-2020-18716
https://notcve.org/view.php?id=CVE-2020-18716
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php. Una inyección SQL en Rockoa versión v1.8.7, permite a atacantes remotos alcanzar privilegios debido a un filtrado impreciso de parámetros en el archivo wordAction.php • https://www.seebug.org/vuldb/ssvid-97867 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-18714
https://notcve.org/view.php?id=CVE-2020-18714
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function. Una inyección SQL en Rockoa versión v1.8.7, permite a atacantes remotos alcanzar privilegios debido a un filtrado impreciso de parámetros en la función getdata del archivo wordModel.php • https://www.seebug.org/vuldb/ssvid-97858 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-18713
https://notcve.org/view.php?id=CVE-2020-18713
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php Una inyección SQL en Rockoa versión v1.8.7, permite a atacantes remotos alcanzar privilegios debido a un filtrado impreciso de parámetros en el archivo customerAction.php • https://www.seebug.org/vuldb/ssvid-97859 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •