CVE-2025-63740
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-12
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockoa | rockoa | 2.7.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a SQL Injection in the function getselectdataAjax within the file inputAction.php of Xinhu Rainrock RockOA version 2.7.0. It allows attackers to exploit the actstr parameter to gain unauthorized access to sensitive information such as administrator accounts, password hashes, database structure, and other critical data.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information including administrator credentials and password hashes, which can compromise the security of the system. Attackers may gain control over the database, leading to data breaches, loss of data integrity, and potential further exploitation of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to extract sensitive information such as administrator accounts, password hashes, and database structure, which could lead to unauthorized access and data breaches. Such breaches may result in non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data. Therefore, exploitation of this vulnerability could negatively impact compliance with these standards by exposing protected data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted GET requests to the vulnerable endpoint and observing response delays indicative of time-based blind SQL injection. For example, send a request to `http://target/index.php?a=getselectdata&m=input&d=flow&ajaxbool=true` with the 'actstr' parameter Base64-encoded payloads such as `admin,id,name|1=1 AND sleep(3)#` encoded as `YWRtaW4saWQsbmFtZXwxPTEgQU5EIHNsZWVwKDMpIw==`. Measuring the response time for delays (e.g., 3 seconds) can confirm the vulnerability. A sample curl command to test this is: `curl -i -s -k -X GET 'http://target/index.php?a=getselectdata&m=input&d=flow&ajaxbool=true&actstr=YWRtaW4saWQsbmFtZXwxPTEgQU5EIHNsZWVwKDMpIw==' -b 'session_cookie=your_valid_session_cookie'` where a significant delay indicates vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint to trusted users only, ensuring that only authenticated users with valid session cookies can access it. Additionally, applying input validation and sanitization on the 'actstr' parameter to prevent SQL injection is critical. If possible, update or patch Xinhu Rainrock RockOA to a version where this vulnerability is fixed. As a temporary measure, monitor and block suspicious requests with unusual Base64-encoded payloads targeting the 'actstr' parameter. [1]