CNNVD-202512-1250 Information

CNNVD ID

CNNVD-202512-1250

Related CVE

CVE-2025-63740

• CNNVD Published: 2025-12-09

Description (Chinese)

Xinhu RockOA是中国信呼（Xinhu）公司的一个办公OA系统。 Xinhu RockOA 2.7.0版本存在安全漏洞，该漏洞源于文件inputAction.php中函数getselectdataAjax对参数actstr的错误操作，可能导致SQL注入攻击。

Description (English)

Xinhu RockOA is an OA office system of Xinhu China. Xinhu RockOA version 2.7.0 contains a security loophole that stems from the error of the function GetselectdataAjax in document inputaction.php to the parameter actstr, which may result in an injection attack by SQL.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

信呼

Published

2025-12-09

Last Modified

2026-02-24

References

https://github.com/rainrocka/xinhu/issues/13