Shodan
Vulnerabilities
Vulnerable Software
Ruvar:  >> Ruvaroa  Security Vulnerabilities
CVE-2024-25528
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.
CVSS Score
5.9
EPSS Score
0.0
Published
2024-05-08
CVE-2024-25532
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-08
CVE-2024-25533
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.
CVSS Score
9.4
EPSS Score
0.002
Published
2024-05-08
CVE-2024-25527
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.
CVSS Score
9.4
EPSS Score
0.001
Published
2024-05-08
CVE-2024-25529
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-05-08
CVE-2024-25530
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-08
CVE-2024-25531
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-08
CVE-2024-25520
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-08
CVE-2024-25521
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.
CVSS Score
9.4
EPSS Score
0.0
Published
2024-05-08
CVE-2024-25522
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx.
CVSS Score
9.4
EPSS Score
0.0
Published
2024-05-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved