CVE-2025-63742
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-12
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockoa | rockoa | 2.7.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a SQL Injection in the setwxqyAction function within the webmain/task/api/loginAction.php file of Xinhu Rainrock RockOA 2.7.0. It allows attackers to exploit the shouji and userid parameters to gain unauthorized access to sensitive information such as administrator accounts, password hashes, database structure, and other critical data.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information including administrator credentials and password hashes, which can compromise the security of the system. Attackers may gain control over the database structure and critical data, potentially leading to data breaches, loss of data integrity, and unauthorized system access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This SQL injection vulnerability allows attackers to gain sensitive information such as administrator accounts, password hashes, database structure, and other critical data. Such unauthorized access and potential data breaches can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which mandate the protection of sensitive personal and health information. Therefore, exploitation of this vulnerability could result in violations of these regulations due to exposure of confidential data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted Base64 encoded SQL injection payloads to the vulnerable API endpoint and observing the responses. For example, you can use curl commands to send GET requests to the endpoint http://target/api.php?m=login&a=setwxqy with Base64 encoded parameters `shouji` and `userid`. An example command to test might be: curl "http://target/api.php?m=login&a=setwxqy&shouji=MTU4MDAwMDAwMjM=&userid=MSdhbmQgc2xlZXAoMyktLSA=". Monitoring for unusual responses or error messages indicating SQL errors or data leakage can help detect the vulnerability. Time-based blind SQL injection techniques can also be used by injecting payloads that cause delays to confirm the presence of the flaw. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable API endpoint to trusted users or networks, implementing input validation and sanitization to prevent SQL injection, and applying any available patches or updates from the vendor. If patching is not immediately possible, consider disabling or restricting the affected functionality (the setwxqyAction method in webmain/task/api/loginAction.php) to prevent exploitation. Monitoring and logging access to the endpoint for suspicious activity is also recommended. [1]