Back

CVE-2024-25533

May 8, 2024, 5:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

RuvarOA

  • 6.01
  • 12.01

Source

cve@mitre.org

Tags

cve@mitre.org
2024-05-08
CVE-2024-25533

CVE-2024-25533 details

Published : May 8, 2024, 5:15 p.m.
Last Modified : May 8, 2024, 5:15 p.m.

Description

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#information-leakage-and-unauthorized-access-to-sensitive-data cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.