SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid parameters.
The vulnerability is located in the setwxqyAction function in the webmain/task/api/loginAction.php file. The shouji and userid parameters passed to this function are not properly validated or parameterized, which allows an attacker to inject malicious SQL queries. As a result, it is possible to manipulate database queries without any authentication, directly over the network.
An attacker can gain access to sensitive data, including administrator accounts, password hashes, and database structure. It is also possible to compromise data integrity or affect system availability.
Apply patches available from the manufacturer according to the references. Until the fix is implemented, it is recommended to restrict network access to the vulnerable endpoint and monitor logs for suspicious queries to the loginAction.php file.
Xinhu Rainrock RockOA version 2.7.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HRockoa
APPRockoa2.7.0
Related vulnerabilities
SQL Injection w Rockoa β metoda indexAction w reimpAction.php
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters...
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters...
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters...
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an ad...