7 matches found
RuvarOA SQL Injection Vulnerability (CNVD-2024-33152)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the fileid parameter of the /filemanage/filememo.aspx file against external SQL input. An attacker can exploit this vulnerability t...
RuvarOA id Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /SysManage/sysblogtemplatenew.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33156)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the projectid parameter in the /ProjectManage/pmgattinc.aspx file against externally entered SQL statements. An attacker can exploi...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33149)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the attachid parameter in the /Bulletin/AttachDownLoad.aspx file against external SQL input. An attacker can exploit this...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the filename parameter of the /WorkFlow/OfficeFileDownload.aspx file against external SQL input. An attacker can exploit this...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /AddressBook/addresspublicnew.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...
SQL Injection Vulnerability in RuvarOA Collaboration Office System of Guangzhou Luhua Computer Co.
Luvar RuvarOA collaborative office system adopts three-tier structure model, the system development adopts java technology, the database supports Mysql, SQL Server, Oracle and so on. There is a SQL injection vulnerability in the RuvarOA system of Guangzhou Luhua Computer Co., Ltd, which can be...