CVE-2024-25533
May 8, 2024, 5:15 p.m.
Tags
Product(s) Impacted
RuvarOA
- 6.01
- 12.01
Description
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.
Weaknesses
Date
Published: May 8, 2024, 5:15 p.m.
Last Modified: May 8, 2024, 5:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org
References
https://gist.github.com/
cve@mitre.org