CVE-2019-11362 · Vexday

CVE-2019-11362

EPSS 1.6%

app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/rocboss/ROCBOSS/issues/12