CVE-2024-25522 | RuvarOA 6.01/12.01 wf_work_form_save.aspx office_missive_id sql injection

Inserito da Angelo Barbosa | Mag 8, 2024 | CVE

A vulnerability, which was classified as critical, has been found in RuvarOA 6.01/12.01. Affected by this issue is some unknown functionality of the file /WorkFlow/wf_work_form_save.aspx. The manipulation of the argument office_missive_id leads to sql injection.

This vulnerability is handled as CVE-2024-25522. The attack may be launched remotely. There is no exploit available.

CVE-2024-25522 | RuvarOA 6.01/12.01 wf_work_form_save.aspx office_missive_id sql injection

Post correlati

CVE-2024-2977 | Tenda F1203 2.0.1.6 /goform/QuickIndex formQuickIndex PPPOEPassword stack-based overflow

CVE-2024-20081 | MediaTek MT8678 Gnss Service out-of-bounds write (MSV-1412 / ALPS08719602)

CVE-2024-32086 | AitThemes Citadela Listing Plugin up to 5.18.1 on WordPress information disclosure

CVE-2024-1363 | Easy Accordion Plugin up to 2.3.4 on WordPress cross site scripting