CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2023-49363

CVSS 9.8v3.1pub. 2023-12-13upd. 2024-11-21

Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php.

πŸ€– AI Analysis
How it works

The SQL Injection vulnerability (CWE-89) results from insufficient validation and sanitization of input data passed to the indexAction method in the reimpAction.php file. An attacker can inject malicious SQL code directly into queries executed by the application. The attack vector is network-based, requires no authentication or user interaction, making exploitation particularly simple.

Impact

An attacker can gain unauthorized access to data stored in the database, modify or delete data, and depending on the database server configuration, potentially take control of the system (full CIA triad: confidentiality, integrity, availability threatened at HIGH level).

Mitigation & patch

Rockoa should be updated to version 2.3.3 or newer. If immediate update is not possible, it is recommended to restrict network access to the application and monitor traffic for SQL injection attempts.

Who is affected

Rockoa in versions below 2.3.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Rockoa

    APP
    Rockoa
    < 2.3.3
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-63742CRITICAL9.8PL βœ“ten sam produkt

SQL Injection w Xinhu RockOA – wyciek danych administratora

CVE-2020-18714CRITICAL9.8ten sam produkt

SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters...

CVE-2020-18716CRITICAL9.8ten sam produkt

SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters...

CVE-2020-18713CRITICAL9.8ten sam produkt

SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters...

CVE-2020-20593HIGH8.0ten sam produkt

A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an ad...

CVE-2023-49363 β€” Rockoa β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl