Lucene search

MitreVULNRICHMENT:CVE-2024-25513

HistoryMay 07, 2024 - 12:00 a.m.

CVE-2024-25513

2024-05-0700:00:00

mitre

github.com

ruvaroa v6.01

ruvaroa v12.01

sql injection

file_id parameter

corporateculture

kaizen_download.aspx

AI Score

8.3

Confidence

Low

EPSS

Percentile

9.0%

SSVC

Exploitation

poc

Automatable

Technical Impact

total

JSON

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:guangzhou_luhua_information_technology:ruvaroa:*:*:*:*:*:*:*:*"
    ],
    "vendor": "guangzhou_luhua_information_technology",
    "product": "ruvaroa",
    "versions": [
      {
        "status": "affected",
        "version": "6.01"
      },
      {
        "status": "affected",
        "version": "12.01"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#kaizen_downloadaspx