What is CVE-2024-7327?

CVE-2024-7327 is a medium-severity vulnerability in Xinhu Rockoa, classified under SQL Injection. CVSS score: 6.3/10. Published 2024-07-31.

How severe is CVE-2024-7327?

Medium severity. CVSS v3 base score is 6.3 out of 10.

SQL Injection in Xinhu Rockoa

CVE-2024-7327

A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql in…

Vulnerability class: SQL Injection

EPSS: 0.001 (26.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Xinhu Rockoa — versions 2.6.2

Weakness classification (CWE)

CWE-89 — SQL Injection

References

VDB-273250 | Xinhu RockOA openmodhetongAction.php dataAction sql injection (vdb-entry, technical-description)
VDB-273250 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #378320 | rainrocka Xinhu RockOA v2.6.2 SQL Injection (third-party-advisory)
wiki.shikangsi.com/post/share/789dad54-851b-4ec6-a1f6-11271e30db71 (exploit)

Frequently asked questions

What is CVE-2024-7327?: CVE-2024-7327 is a medium-severity vulnerability in Xinhu Rockoa, classified under SQL Injection. CVSS score: 6.3/10. Published 2024-07-31.
How severe is CVE-2024-7327?: Medium severity. CVSS v3 base score is 6.3 out of 10.