CVE-2025-63738
MEDIUMDescription
An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php.
Is your site exposed to CVE-2025-63738?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| rockoa | rockoa |
References
Frequently Asked Questions
What is CVE-2025-63738? +
How severe is CVE-2025-63738? +
What products are affected by CVE-2025-63738? +
How do I check if I'm vulnerable to CVE-2025-63738? +
Related Vulnerabilities
Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary …
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive …
Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template …
Kirby is an open-source content management system. In versions 5.3.0 and above but prior to 5.4.1, Kirby did not correctly …
A improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom …
Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to …