236 matches found
CVE-2024-25518
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...
CVE-2024-25515
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sysfilestorageid parameter at /WorkFlow/wfworkfinishfiledown.aspx...
CVE-2024-25517
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx...
CVE-2024-25515
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sysfilestorageid parameter at /WorkFlow/wfworkfinishfiledown.aspx...
CVE-2024-25518
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...
CVE-2024-25517
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx...
CVE-2024-25519
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wfworkprint.aspx...
CVE-2024-25519
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wfworkprint.aspx...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the officemissiveid parameter in the /WorkFlow/wfworkformsave.aspx file against external SQL input. An attacker can exploit this...
CVE-2024-25526
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the projectid parameter at /ProjectManage/pmgattinc.aspx...
PT-2024-20985 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the sys file storage id parameter at the "/WorkPlan/WorkPlanAttachDownLoad.aspx" API endpoint...
CVE-2024-25521
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txtkeyword parameter at getcompany.aspx...
PT-2024-20992 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the PageID parameter at the "/WebUtility/get find condiction.aspx" API endpoint. Recommendations:...
CVE-2024-25520
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sysblogtemplatenew.aspx...
CVE-2024-25518
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...
PT-2024-20993 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the PageID parameter at the "/WebUtility/SearchCondiction.aspx" API endpoint. Recommendations: For versions 6.01...
CVE-2024-25524
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sysfilestorageid parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx...
CVE-2024-25518
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...
CVE-2024-25531
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx...
RuvarOA 安全漏洞
RuvarOA is an office automation system of China Ruvar Company. A security vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a SQL injection vulnerability in the btid parameter of the /include/getdict.aspx file...