CVE-2023-1501

Name of the Vulnerable Software and Affected Versions RockOA version 2.3.2

Description A critical issue was found in the runAction function of the file acloudCosAction.php.SQL. The manipulation of the fileid argument leads to unrestricted upload. It is possible to initiate the attack remotely.

Recommendations For RockOA version 2.3.2, consider disabling the runAction function in the acloudCosAction.php.SQL file as a temporary workaround to prevent exploitation. Restrict access to the fileid argument to minimize the risk of unrestricted upload. At the moment, there is no information about a newer version that contains a fix for this issue.