9 matches found
CVE-2024-25528
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...
CVE-2024-25527
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...
CVE-2024-25527
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...
CVE-2024-25527
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...
CVE-2024-25527
RuvarOA v6.01 and v12.01 contain a SQL injection vulnerability in the id parameter of /PersonalAffair/worklog_template_show.aspx due to lack of validation of externally entered SQL statements. This could allow an attacker to execute arbitrary SQL commands to access or exfiltrate data, as describe...
CVE-2024-25528
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...
CVE-2024-25527
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...
CVE-2024-25528
CVE-2024-25528 affects RuvarOA v6.01 and v12.01. A SQL injection vulnerability exists via the id parameter at the endpoint /PersonalAffair/worklog_template_show.aspx (also described as related to the /worklog template show.aspx path in several reports). Root cause: improper handling of user-suppl...
CVE-2024-25528
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...