12 matches found
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of external SQL statements in the PageID parameter of the /WebUtility/getfindcondiction.aspx file. An attacker can exploit this...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the templateid parameter of the /WorkFlow/wfgetfieldsapprove.aspx file against externally entered SQL statements. An attacker ca...
PT-2024-20986 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the filename parameter at the "/WorkFlow/OfficeFileDownload.aspx" API endpoint. Recommendations: For versions 6.01 through 12.01, consider restricting...
PT-2024-20979 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the template id parameter at the "/WorkFlow/wf get fields approve.aspx" API endpoint...
PT-2024-20984 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the file id parameter at the "/filemanage/file memo.aspx" API endpoint. This allows for potential exploitation. Recommendations: For versions 6.01 throu...
PT-2024-20980 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the idlist parameter at the "/WorkFlow/wf work print.aspx" API endpoint. This allows for potential exploitation. Recommendations: For versions 6.01...
PT-2024-20974 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the attach id parameter at the "/Bulletin/AttachDownLoad.aspx" API endpoint. This allows for potential exploitation. Recommendations: For versions 6.01...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /bulletin/bulletintemplateshow.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...
PT-2024-20976 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the template id parameter at the "/SysManage/wf template child field list.aspx" API endpoint...
PT-2024-20973 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/AddressBook/address public new.aspx" API endpoint. Recommendations: For...
PT-2024-20972 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/AddressBook/address public show.aspx" API endpoint. Recommendations: For...
PT-2024-20975 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the file id parameter at the "/CorporateCulture/kaizen download.aspx" API endpoint. Recommendation...