Skip to main content

Ruvaroa

26 CVEs product

Monthly

CVE-2024-25533 CRITICAL POC Act Now

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.7%
CVE-2024-25532 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-25528 MEDIUM POC This Month

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-25531 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25530 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25529 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25527 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.5%
CVE-2024-25526 HIGH POC This Week

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-25525 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25524 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25523 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25522 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25521 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25520 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25519 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25518 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25517 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25515 HIGH POC This Week

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-25514 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25513 HIGH POC This Week

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25511 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25510 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25509 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25512 HIGH POC This Week

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-25508 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25507 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
EPSS 1% CVSS 9.4
CRITICAL POC Act Now

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC This Month

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 7.3
HIGH POC This Week

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy