Lucene search
K

26 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.9 views

CVE-2024-25508

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletintemplateshow.aspx...

9.8CVSS9.9AI score0.00695EPSS
Exploits1References1
NVD
NVD
added 2024/05/08 5:15 p.m.21 views

CVE-2024-25532

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the btid parameter at /include/getdict.aspx...

9.8CVSS7.9AI score0.0051EPSS
Exploits1References1
NVD
NVD
added 2024/05/08 4:15 p.m.10 views

CVE-2024-25530

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/getfindcondiction.aspx...

9.8CVSS7.9AI score0.00577EPSS
Exploits1References1
NVD
NVD
added 2024/05/08 3:15 p.m.22 views

CVE-2024-25525

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx...

9.8CVSS7.9AI score0.00629EPSS
Exploits1References1
NVD
NVD
added 2024/05/08 3:15 p.m.22 views

CVE-2024-25521

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txtkeyword parameter at getcompany.aspx...

9.4CVSS7.9AI score0.00618EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/08 12:0 a.m.20 views

CVE-2024-25520

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sysblogtemplatenew.aspx...

8.3AI score0.00629EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/08 12:0 a.m.9 views

CVE-2024-25519

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wfworkprint.aspx...

8.3AI score0.00696EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/08 12:0 a.m.16 views

CVE-2024-25528

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...

8.3AI score0.00279EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/08 12:0 a.m.15 views

CVE-2024-25525

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx...

8.3AI score0.00629EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/08 12:0 a.m.12 views

CVE-2024-25532

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the btid parameter at /include/getdict.aspx...

8.3AI score0.0051EPSS
Exploits1References1
CVE
CVE
added 2024/05/08 12:0 a.m.75 views

CVE-2024-25521

CVE-2024-25521 affects RuvarOA v6.01 and v12.01. A SQL injection vulnerability exists in the get_company.aspx endpoint via the txt_keyword parameter, caused by lack of input validation against external SQL statements. Reported impact includes the ability to perform illegal SQL commands to access ...

9.4CVSS8.3AI score0.00618EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/05/08 12:0 a.m.26 views

CVE-2024-25526

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the projectid parameter at /ProjectManage/pmgattinc.aspx...

8.2AI score0.00591EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/08 12:0 a.m.21 views

CVE-2024-25515

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sysfilestorageid parameter at /WorkFlow/wfworkfinishfiledown.aspx...

8.2AI score0.00576EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/08 12:0 a.m.19 views

CVE-2024-25518

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...

8.2AI score0.00618EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/08 12:0 a.m.19 views

CVE-2024-25525

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx...

8.2AI score0.00629EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/08 12:0 a.m.23 views

CVE-2024-25523

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the fileid parameter at /filemanage/filememo.aspx...

8.2AI score0.00696EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/08 12:0 a.m.21 views

CVE-2024-25521

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txtkeyword parameter at getcompany.aspx...

8.2AI score0.00618EPSS
Exploits1References1
CVE
CVE
added 2024/05/08 12:0 a.m.84 views

CVE-2024-25533

CVE-2024-25533 affects RuvarOA v6.01–v12.01. Error messages disclose the server path at /WorkFlow/OfficeFileUpdate.aspx and, per multiple sources, allow writing files or executing arbitrary SQL via crafted statements due to insufficient input validation. Affected versions: 6.01–12.01. Root cause ...

9.4CVSS8.2AI score0.0072EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/05/08 12:0 a.m.63 views

CVE-2024-25518

RuvarOA v6.01 and v12.01 expose a SQL injection via the template_id parameter on /WorkFlow/wf_get_fields_approve.aspx. Root cause: lack of validation for template_id input, enabling arbitrary SQL execution and potential data disclosure as described across CVE-2024-25518 and related feeds. Documen...

9.4CVSS8.3AI score0.00618EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/05/08 12:0 a.m.66 views

CVE-2024-25517

RuvarOA v6.01 and v12.01 expose a SQL injection vulnerability in the tbTable parameter of /WebUtility/MF.aspx. Root cause: lack of input validation for externally entered SQL statements. Impact per sources: potential unauthorized data access/alteration with high severity. Exploitation details are...

9.8CVSS8.3AI score0.00696EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder