CVE-2025-63742

Publication date

2025-12-09 00:00:00

Family

mitre

State

PUBLISHED

Description

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid parameters.