CVE-2024-25513

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx.

CVSS

No CVSS.

References

Link	Resource
https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#kaizen_downloadaspx	Exploit Third Party Advisory
https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#kaizen_downloadaspx	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ruvar:ruvaroa:12.01:::::::*
	cpe:2.3:a:ruvar:ruvaroa:6.01:::::::*

History

16 Apr 2025, 19:02

Type	Values Removed	Values Added
First Time		Ruvar ruvaroa Ruvar
CPE		cpe:2.3:a:ruvar:ruvaroa:12.01:::::::* cpe:2.3:a:ruvar:ruvaroa:6.01:::::::*
References	~~() https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#kaizen_downloadaspx -~~	() https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#kaizen_downloadaspx - Exploit, Third Party Advisory

07 May 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-07 19:15

Updated : 2025-04-16 19:02

NVD link : CVE-2024-25513

Mitre link : CVE-2024-25513

JSON object : View

Products Affected

ruvar

ruvaroa

CWE

No CWE.

JSON object

Attach tags to CVE-2024-25513

Attach tags to `CVE-2024-25513`