CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-25533

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.4%

CVSS Severity

CVSS v3 Score 9.4

References

https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#information-leakage-and-unauthorized-access-to-sensitive-data
https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#information-leakage-and-unauthorized-access-to-sensitive-data

Products affected by CVE-2024-25533

Ruvar » Ruvaroa » Version: 12.01

cpe:2.3:a:ruvar:ruvaroa:12.01
Ruvar » Ruvaroa » Version: 6.01

cpe:2.3:a:ruvar:ruvaroa:6.01

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25533

Products

Pricing

Contact Us