SQL Injection Vulnerability in Xinhu RockOA Web Application
CVE-2024-7327

8.8HIGH

Key Information:

Vendor: Xinhu RockOA
Status: Xinhu
Vendor: CVE Published:; 31 July 2024

🔔 Create Xinhu RockOA Vulnerability Alert

What is CVE-2024-7327?

A serious vulnerability has been identified in the Xinhu RockOA web application, specifically affecting version 2.6.2. This flaw exists within the dataAction function of the script located at /webmain/task/openapi/openmodhetongAction.php. An attacker can exploit this vulnerability by manipulating the nickName parameter, resulting in SQL injection. Such an attack could allow unauthorized access to sensitive data within the database, leading to data breaches or information theft. The vulnerability has been disclosed publicly, and there has been a lack of response from the vendor regarding security measures. Organizations using this application are advised to take immediate action to secure their systems against potential exploitation.

References

https://vuldb.com/?id.273250

https://vuldb.com/?ctiid.273250

https://vuldb.com/?submit.378320

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 31, 2024

JSON