RockOA 1.8.7 Background SQL Injection Vulnerability

CVE-2019-9846 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection.
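
One way to close this class of bug, shown as an added example that is not RockOA's code: placeholders cannot bind column names, so field-name parameters are checked against an allowlist and only the value is bound. It assumes pidfields and idfields carry column names (inferred from their names); the `menu` table, the helper functions and the sample rows are hypothetical, and the demo uses PDO with an in-memory SQLite database.

```php
<?php
// Added illustration; not RockOA source. Table, columns and helpers are hypothetical.
// Unsafe pattern of the kind the advisory describes (do not use):
//   $where = "$pidfields = '$pid'";   // request text becomes SQL syntax

// Columns a tree query may legitimately use as the id / parent-id field.
const TREE_COLUMNS = ['id', 'pid'];

/** Return $name only if it is an allowlisted column name. */
function tree_column(string $name): string
{
    if (!in_array($name, TREE_COLUMNS, true)) {
        throw new InvalidArgumentException('unexpected column name');
    }
    return $name;
}

/** Fetch the children of $parentId; caller-supplied field names are checked first. */
function tree_children(PDO $db, string $idfields, string $pidfields, int $parentId): array
{
    $idCol  = tree_column($idfields);
    $pidCol = tree_column($pidfields);
    // Identifiers come from the allowlist; the value travels as a bound parameter.
    $stmt = $db->prepare("SELECT `$idCol` AS id, name FROM menu WHERE `$pidCol` = :pid");
    $stmt->bindValue(':pid', $parentId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE menu (id INTEGER PRIMARY KEY, pid INTEGER, name TEXT)');
$db->exec("INSERT INTO menu (id, pid, name) VALUES (1, 0, 'root'), (2, 1, 'users'), (3, 1, 'roles')");

// Allowlisted field names: returns the two rows whose pid is 1.
print_r(tree_children($db, 'id', 'pid', 1));

try {
    // Constructed input that is not an exact column name: rejected before any SQL is built.
    tree_children($db, 'id', 'pid extra', 1);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```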
