CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-25509

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.6%

CVSS Severity

CVSS v3 Score 9.4

References

https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_file_downloadaspx
https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_file_downloadaspx

Products affected by CVE-2024-25509

Ruvar » Ruvaroa » Version: 12.01

cpe:2.3:a:ruvar:ruvaroa:12.01
Ruvar » Ruvaroa » Version: 6.01

cpe:2.3:a:ruvar:ruvaroa:6.01

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25509

Products

Pricing

Contact Us