CVE-2025-63740

Source
https://cve.org/CVERecord?id=CVE-2025-63740
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63740.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-63740
Published
2025-12-09T17:15:55.237Z
Modified
2026-03-13T03:38:17.367104Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

A SQL injection vulnerability in the function getselectdataAjax in the file inputAction.php in Xinhu Rainrock RockOA 2.7.0 allows attackers to gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data, via the actstr parameter.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.7.0"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63740.json"