VYPR

RuvarOA

by RuvarOA

CVEs (26)

  • CVE-2024-25532CriMay 8, 2024
    risk 0.64cvss 9.8epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.

  • CVE-2024-25531CriMay 8, 2024
    risk 0.64cvss 9.8epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx.

  • CVE-2024-25530CriMay 8, 2024
    risk 0.64cvss 9.8epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx.

  • CVE-2024-25529CriMay 8, 2024
    risk 0.64cvss 9.8epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx.

  • CVE-2024-25525CriMay 8, 2024
    risk 0.64cvss 9.8epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx.

  • CVE-2024-25523CriMay 8, 2024
    risk 0.64cvss 9.8epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx.

  • CVE-2024-25520CriMay 8, 2024
    risk 0.64cvss 9.8epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx.

  • CVE-2024-25519CriMay 8, 2024
    risk 0.64cvss 9.8epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx.

  • CVE-2024-25517CriMay 8, 2024
    risk 0.64cvss 9.8epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx.

  • CVE-2024-25510CriMay 7, 2024
    risk 0.64cvss 9.8epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx.

  • CVE-2024-25508CriMay 7, 2024
    risk 0.64cvss 9.8epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx.

  • CVE-2024-25533CriMay 8, 2024
    risk 0.61cvss 9.4epss 0.01

    Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.

  • CVE-2024-25527CriMay 8, 2024
    risk 0.61cvss 9.4epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.

  • CVE-2024-25524CriMay 8, 2024
    risk 0.61cvss 9.4epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx.

  • CVE-2024-25522CriMay 8, 2024
    risk 0.61cvss 9.4epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx.

  • CVE-2024-25521CriMay 8, 2024
    risk 0.61cvss 9.4epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.

  • CVE-2024-25518CriMay 8, 2024
    risk 0.61cvss 9.4epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx.

  • CVE-2024-25514CriMay 7, 2024
    risk 0.61cvss 9.4epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.

  • CVE-2024-25511CriMay 7, 2024
    risk 0.61cvss 9.4epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx.

  • CVE-2024-25509CriMay 7, 2024
    risk 0.61cvss 9.4epss 0.01

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.

Page 1 of 2