CVE-2023-1773 MEDIUM

CVE-2023-1773: Rockoa Configuration File webmainConfig.php code injection

Vendor N/A
Product Rockoa
Weakness CWE-94 · Code injection
Published March 31, 2023
Last update February 11, 2025
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

March 31, 2023 CVE published
February 11, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-62023 WordPress s2Member plugin <= 250905 - Remote Code Execution (RCE) vulnerability CVE-2026-41645 Nuclei: Environment variable disclosure via Response-Derived DSL Expressions CVE-2026-6110 FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection CVE-2026-48836 WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability CVE-2025-12637 Elastic Theme Editor <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload