CVE-2024-25515 | RuvarOA 6.01/12.01 wf_work_finish_file_down.aspx sys_file_storage_id sql injection

Posted by Angelo Barbosa | May 8, 2024 | CVE

A vulnerability, which was classified as critical, has been found in RuvarOA 6.01/12.01. This issue affects some unknown processing of the file /WorkFlow/wf_work_finish_file_down.aspx. The manipulation of the argument sys_file_storage_id leads to sql injection.

The identification of this vulnerability is CVE-2024-25515. The attack may be initiated remotely. There is no exploit available.

CVE-2024-25515 | RuvarOA 6.01/12.01 wf_work_finish_file_down.aspx sys_file_storage_id sql injection

Related Posts

CVE-2021-47623 | Linux Kernel up to 5.10.100/5.15.23/5.16.9 fixmap __set_fixmap information disclosure

CVE-2024-46942 | OpenDaylight Model-Driven Service Abstraction Layer up to 13.0.1 Fallover Role access control

CVE-2024-5623 | B&R Industrial Automation B&R APROL up to R 4.4-00P3 untrusted search path

CVE-2024-35911 | Linux Kernel up to 6.6.25/6.8.4 ice_vsi_free_q_vectors null pointer dereference (e40a02f06ceb/11ff8392943e/1cb7fdb1dfde)