CVE-2023-1773 – Rockoa Configuration File webmainConfig.php code injection
https://notcve.org/view.php?id=CVE-2023-1773
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. • https://gitee.com/galaxies2580/cve/blob/master/xinhuv2.3.2.md https://vuldb.com/?ctiid.224674 https://vuldb.com/?id.224674 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-1501 – RockOA acloudCosAction.php.SQL runAction unrestricted upload
https://notcve.org/view.php?id=CVE-2023-1501
A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/xieqiangweb/cve/blob/master/cve/Rockoa.md https://vuldb.com/?ctiid.223401 https://vuldb.com/?id.223401 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2022-45041
https://notcve.org/view.php?id=CVE-2022-45041
SQL injection exists in xinhu < 2.5.0. • https://github.com/N1k0la-T/somefiles/blob/main/sqli.py https://github.com/N1k0la-T/vulnerability/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-20593
https://notcve.org/view.php?id=CVE-2020-20593
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. • http://www.rockoa.com/view_demo.html https://github.com/alixiaowei/alixiaowei.github.io/issues/1 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-18716
https://notcve.org/view.php?id=CVE-2020-18716
SQL injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php. • https://www.seebug.org/vuldb/ssvid-97867 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')