9 matches found
RuvarOA PageID Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of external SQL statements in the PageID parameter of the /WebUtility/getfindcondiction.aspx file. An attacker can exploit this...
RuvarOA sys_file_storage_id parameter SQL injection vulnerability (CNVD-2024-33629)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sysfilestorageid parameter of the /WorkPlan/WorkPlanAttachDownLoad.aspx file against external SQL input. This vulnerability...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33150)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /bulletin/bulletintemplateshow.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33147)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /AddressBook/addresspublicnew.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...
RuvarOA id parameter SQL injection vulnerability (CNVD-2024-33625)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /WorkFlow/wfofficefilehistoryshow.aspx file, which lacks validation of externally entered SQL statements. An attacker can exploit...
CVE-2024-25533
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website /WorkFlow/OfficeFileUpdate.aspx. This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements...
PT-2024-20977 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the sys file storage id parameter at the "/WorkFlow/wf work finish file down.aspx" API endpoint...
PT-2024-20982 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the txt keyword parameter at the "get company.aspx" endpoint. Recommendations: For versions 6.01...
PT-2024-20987 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the project id parameter at the "/ProjectManage/pm gatt inc.aspx" API endpoint. This allows for potential exploitation. No information is provided about...