
4548 matches found

Vulnrichment
added 2024/05/08 12:0 a.m., 17 views

CVE-2024-25518

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...

8.3 AI score, 0.00618 EPSS
Exploits: 1, References: 1

CVE
added 2024/05/08 12:0 a.m., 62 views

CVE-2024-25522

CVE-2024-25522 affects RuvarOA v6.01 and v12.01, where the office_missive_id parameter in /WorkFlow/wf_work_form_save.aspx is vulnerable to SQL injection. Multiple connected sources describe an inability to validate external SQL input, enabling attackers to execute arbitrary SQL and exfiltrate da...

9.4 CVSS, 8.3 AI score, 0.00606 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2024/05/08 12:0 a.m., 65 views

CVE-2024-25519

CVE-2024-25519 affects RuvarOA v6.01 and v12.01, with a SQL injection vulnerability via the idlist parameter in /WorkFlow/wf_work_print.aspx. The root cause is lack of validation of externally entered SQL statements against the idlist parameter, enabling potentially dangerous SQL execution and da...

9.8 CVSS, 8.3 AI score, 0.00696 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2024/05/08 12:0 a.m., 69 views

CVE-2024-25515

CVE-2024-25515 affects RuvarOA v6.01 and v12.01, with a SQL injection vulnerability exploitable via the sys_file_storage_id parameter in the /WorkFlow/wf_work_finish_file_down.aspx endpoint. Connected sources (Red Hat, CNVD, CNVD CNVD-2024-33626, NVD, etc.) confirm the vulnerability description a...

7.3 CVSS, 8.3 AI score, 0.00576 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2024/05/08 12:0 a.m., 10 views

CVE-2024-25518

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...

8.2 AI score, 0.00618 EPSS
Exploits: 1, References: 1

CNNVD
added 2024/05/08 12:0 a.m., 3 views

RuvarOA Security Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the templateid parameter of the /WorkFlow/wfgetfieldsapprove.aspx file against externally entered SQL statements. An attacker ca...

9.4 CVSS, 8.2 AI score, 0.00618 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2024/05/08 12:0 a.m., 14 views

CVE-2024-25515

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx...

8.3 AI score, 0.00576 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2024/05/08 12:0 a.m., 22 views

CVE-2024-25522

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx...

8.3 AI score, 0.00606 EPSS
Exploits: 1, References: 1

NVD
added 2024/05/07 7:15 p.m., 17 views

CVE-2024-25509

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx...

9.4 CVSS, 7.9 AI score, 0.00617 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2024/05/07 12:0 a.m., 10 views

CVE-2024-25509

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx...

8.3 AI score, 0.00617 EPSS
Exploits: 1, References: 1

Cvelist
added 2024/05/07 12:0 a.m., 16 views

CVE-2024-25509

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx...

8.2 AI score, 0.00617 EPSS
Exploits: 1, References: 1

CNNVD
added 2024/05/07 12:0 a.m., 3 views

RuvarOA Security Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sys_file_storage_id parameter of the /WorkFlow/wf_file_download.aspx file against externally entered SQL statements. An attacker...

9.4 CVSS, 8.2 AI score, 0.00617 EPSS
Exploits: 1, References: 2

CVE
added 2024/05/07 12:0 a.m., 57 views

CVE-2024-25509

CVE-2024-25509 affects RuvarOA v6.01 and v12.01, where a SQL injection exists via the sys_file_storage_id parameter in the /WorkFlow/wf_file_download.aspx endpoint. Root cause appears to be lack of input validation for that parameter, enabling SQL statements to be interpreted by the database. Imp...

9.4 CVSS, 8.3 AI score, 0.00617 EPSS
Exploits: 1, References: 1, Affected Software: 1

Positive Technologies
added 2024/05/07 12:0 a.m., 5 views

PT-2024-20971 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01
Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the sys_file_storage_id parameter at the "/WorkFlow/wf_file_download.aspx" API endpoint...

9.4 CVSS, 7.4 AI score, 0.00617 EPSS
Exploits: 1, References: 4

IBM Security Bulletins
added 2024/05/06 4:34 p.m., 21 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-25026)

Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...

7.5 CVSS, 6.3 AI score, 0.00792 EPSS
Exploits: 0, Affected Software: 2

IBM Security Bulletins
added 2024/05/03 7:20 a.m., 45 views

Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2021-37533

Summary: IBM WebSphere Adapter for FTP, shipped with IBM Business Automation Workflow, bundles a vulnerable copy of Apache commons-net. Vulnerability Details: CVEID: CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with...

6.5 CVSS, 6.4 AI score, 0.01858 EPSS
Exploits: 0, Affected Software: 2

BDU FSTEC
added 2024/05/02 12:0 a.m., 4 views

The vulnerability of the Admin Screens and Grants UI components in the Oracle Workflow system, a task management system for enterprise automation in Oracle E-Business Suite, allows a perpetrator to execute arbitrary code.

The vulnerability of the Admin Screens and Grants UI components in the Oracle Workflow system, a component of the Oracle E-Business Suite for enterprise automation, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to...

9.1 CVSS, 7.7 AI score, 0.00723 EPSS
Exploits: 0, References: 4, Affected Software: 2

Snyk
added 2024/04/24 5:4 p.m., 2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to a particular API endpoint modification by authenticated backoffice users, which allows the inclusion and execution of arbitrary SQL commands without proper sanitization or validation. An attacker can manipulate...

5.5 CVSS, 8.3 AI score, 0.00407 EPSS
Exploits: 0, References: 2

Snyk
added 2024/04/24 5:4 p.m., 1 view

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to a particular API endpoint modification by authenticated backoffice users, which allows the inclusion and execution of arbitrary SQL commands without proper sanitization or validation. An attacker can manipulate...

5.5 CVSS, 8.3 AI score, 0.00407 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2024/04/24 5:4 p.m., 28 views

Umbraco Workflow's Backoffice users can execute arbitrary SQL

Impact Backoffice users can execute arbitrary SQL. Explanation of the vulnerability A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the server. Affected versions All versions Patches Workflow 10.3.9, 12.2.6, 13.0.6, Plumber 10.1.2...

5.5 CVSS, 8.1 AI score, 0.00407 EPSS
Exploits: 0, References: 3, Affected Software: 2