3 matches found
CVE-2024-25513
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the fileid parameter at /CorporateCulture/kaizendownload.aspx...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the fileid parameter of the /CorporateCulture/kaizendownload.aspx file against external SQL input. An attacker can exploit this...
PT-2024-20975 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the file id parameter at the "/CorporateCulture/kaizen download.aspx" API endpoint. Recommendation...