RuvarOA
Products
1- 21 CVEs
Recent CVEs
21| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25532 | 0.00 | — | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. | |||
| CVE-2024-25522 | 0.00 | — | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. | |||
| CVE-2024-25523 | 0.00 | — | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | |||
| CVE-2024-25530 | 0.00 | — | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. | |||
| CVE-2024-25521 | 0.00 | — | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. | |||
| CVE-2024-25527 | 0.00 | — | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | |||
| CVE-2024-25526 | 0.00 | — | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. | |||
| CVE-2024-25524 | 0.00 | — | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. | |||
| CVE-2024-25528 | 0.00 | — | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | |||
| CVE-2024-25519 | 0.00 | — | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. | |||
| CVE-2024-25517 | 0.00 | — | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. | |||
| CVE-2024-25531 | 0.00 | — | 0.00 | May 8, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. | |||
| CVE-2024-25533 | 0.00 | — | 0.00 | May 8, 2024 | Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. | |||
| CVE-2024-25514 | 0.00 | — | 0.00 | May 7, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. | |||
| CVE-2024-25507 | 0.00 | — | 0.00 | May 7, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. | |||
| CVE-2024-25508 | 0.00 | — | 0.00 | May 7, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. | |||
| CVE-2024-25511 | 0.00 | — | 0.00 | May 7, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. | |||
| CVE-2024-25509 | 0.00 | — | 0.00 | May 7, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. | |||
| CVE-2024-25512 | 0.00 | — | 0.00 | May 7, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. | |||
| CVE-2024-25510 | 0.00 | — | 0.00 | May 7, 2024 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. |
- CVE-2024-25532May 8, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.
- CVE-2024-25522May 8, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx.
- CVE-2024-25523May 8, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx.
- CVE-2024-25530May 8, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx.
- CVE-2024-25521May 8, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.
- CVE-2024-25527May 8, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.
- CVE-2024-25526May 8, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx.
- CVE-2024-25524May 8, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx.
- CVE-2024-25528May 8, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.
- CVE-2024-25519May 8, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx.
- CVE-2024-25517May 8, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx.
- CVE-2024-25531May 8, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx.
- CVE-2024-25533May 8, 2024risk 0.00cvss —epss 0.00
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.
- CVE-2024-25514May 7, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.
- CVE-2024-25507May 7, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx.
- CVE-2024-25508May 7, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx.
- CVE-2024-25511May 7, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx.
- CVE-2024-25509May 7, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.
- CVE-2024-25512May 7, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx.
- CVE-2024-25510May 7, 2024risk 0.00cvss —epss 0.00
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx.