CVE-2024-25517

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx...

PT-2024-20978 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the tbTable argument at the "/WebUtility/MF.aspx" API endpoint. Recommendations: For versions 6.01...

RuvarOA 安全漏洞

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the tbTable parameter in the /WebUtility/MF.aspx file against externally entered SQL statements. An attacker can exploit this...

CVE-2024-25517

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx...

CVE-2024-25517

RuvarOA v6.01 and v12.01 expose a SQL injection vulnerability in the tbTable parameter of /WebUtility/MF.aspx. Root cause: lack of input validation for externally entered SQL statements. Impact per sources: potential unauthorized data access/alteration with high severity. Exploitation details are...

CVE-2024-25517

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx...