CVE-2025-63742 | Xinhu Rainrock RockOA 2.7.0 loginAction.php setwxqyAction userid sql injection (Issue 14)

A vulnerability described as critical has been identified in Xinhu Rainrock RockOA 2.7.0. Affected is the function setwxqyAction of the file webmain/task/api/loginAction.php. The manipulation of the argument userid results in sql injection.

This vulnerability is identified as CVE-2025-63742. The attack can be executed remotely. There is not any exploit available.VulDB Recent EntriesRead More