18 matches found
CVE-2024-25530
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/getfindcondiction.aspx...
CVE-2024-25531
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx...
CVE-2024-25531
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx...
CVE-2024-25530
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/getfindcondiction.aspx...
CVE-2024-25517
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx...
CVE-2024-25517
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the tbTable parameter in the /WebUtility/MF.aspx file against externally entered SQL statements. An attacker can exploit this...
CVE-2024-25530
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/getfindcondiction.aspx...
CVE-2024-25531
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx...
CVE-2024-25530
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/getfindcondiction.aspx...
CVE-2024-25517
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx...
CVE-2024-25530
RuvarOA v6.01 and v12.01 are affected by a SQL injection in the PageID parameter of /WebUtility/get_find_condiction.aspx due to unvalidated SQL statements. Root cause: lack of validation in PageID handling. Impact: high risk of unauthorized database access and data exposure (CVSS v3.1 base score ...
CVE-2024-25517
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx...
CVE-2024-25517
RuvarOA v6.01 and v12.01 expose a SQL injection vulnerability in the tbTable parameter of /WebUtility/MF.aspx. Root cause: lack of input validation for externally entered SQL statements. Impact per sources: potential unauthorized data access/alteration with high severity. Exploitation details are...
PT-2024-20992 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the PageID parameter at the "/WebUtility/get find condiction.aspx" API endpoint. Recommendations:...
PT-2024-20993 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the PageID parameter at the "/WebUtility/SearchCondiction.aspx" API endpoint. Recommendations: For versions 6.01...
CVE-2024-25531
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx...
ruvar通用企业版OA系统 flow_list.aspx 参数 mt_type SQL注入漏洞
0x01漏洞简介 ruvar通用企业版OA系统在/WebUtility/flowlist.aspx处对参数mttype过滤不严格,导致出现SQL注入漏洞。该漏洞需要利用账号密码进行登陆,然后访问漏洞页面。利用的步骤如下: 1利用账号密码进行登陆,登陆页面是http://xxx.com/include/login.aspx 2登陆成功后,访问http://www.xxx.com/WebUtility/flowlist.aspx进行SQL注入利用 0x02漏洞利用 登陆后: 0x03修复方案 过滤,或者使用参数化SQL语句。...