CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-25515

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.3%

CVSS Severity

CVSS v3 Score 7.3

References

https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_work_finish_file_downaspx
https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_work_finish_file_downaspx

Products affected by CVE-2024-25515

Ruvar » Ruvaroa » Version: 12.01

cpe:2.3:a:ruvar:ruvaroa:12.01
Ruvar » Ruvaroa » Version: 6.01

cpe:2.3:a:ruvar:ruvaroa:6.01

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25515

Products

Pricing

Contact Us