A vulnerability classified as critical was found in RuvarOA 6.01/12.01. This vulnerability affects unknown code of the file /WorkFlow/wf_get_fields_approve.aspx. The manipulation of the argument template_id leads to sql injection.
This vulnerability was named CVE-2024-25518. The attack can be initiated remotely. There is no exploit available.