CVE-2024-25528

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...

CVE-2024-25528

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...

CVE-2024-25528

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...

CVE-2024-25527

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...

PT-2024-20988 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/PersonalAffair/worklog template show.aspx" API endpoint. Recommendations...

RuvarOA 安全漏洞

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /PersonalAffair/worklogtemplateshow.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit...