RuvarOA
by RuvarOA
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25507 | Cri | 0.61 | 9.4 | 0.01 | May 7, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. | ||
| CVE-2024-25526 | Hig | 0.53 | 8.1 | 0.01 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. | ||
| CVE-2024-25512 | Hig | 0.53 | 8.1 | 0.01 | May 7, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. | ||
| CVE-2024-25513 | Hig | 0.51 | 7.8 | 0.00 | May 7, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. | ||
| CVE-2024-25515 | Hig | 0.47 | 7.3 | 0.01 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. | ||
| CVE-2024-25528 | Med | 0.38 | 5.9 | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. |
- risk 0.61cvss 9.4epss 0.01
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx.
- risk 0.53cvss 8.1epss 0.01
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx.
- risk 0.53cvss 8.1epss 0.01
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx.
- risk 0.51cvss 7.8epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx.
- risk 0.47cvss 7.3epss 0.01
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx.
- risk 0.38cvss 5.9epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.
Page 2 of 2