Vulnerabilities

CVE-2025-63742

by Fred · 09/12/2025

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid parameters.

More information : https://github.com/rainrocka/xinhu/issues/14

Similar

Tags: Cybersecurity Alert