CVE-2024-25508
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx...
PT-2024-20970 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/bulletin/bulletin_template_show.aspx" API endpoint. Recommendations: For...
CVE-2024-25508
RuvarOA is affected in v6.01–v12.01 by a SQL injection via the id parameter in the bulletin_template_show.aspx endpoint. Root cause: lack of input validation on id leading to arbitrary SQL execution that can read/modify data. References from multiple sources confirm the vulnerable versions and th...