CVE-2025-63740 | Xinhu Rainrock RockOA 2.7.0 inputAction.php getselectdataAjax actstr sql injection (Issue 13)

A vulnerability marked as critical has been reported in Xinhu Rainrock RockOA 2.7.0. This impacts the function getselectdataAjax of the file inputAction.php. The manipulation of the argument actstr leads to sql injection.

This vulnerability is referenced as CVE-2025-63740. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More