CVE-2024-25514

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.

CVSS

No CVSS.

References

Link	Resource
https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_template_child_field_listaspx	Exploit Third Party Advisory
https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_template_child_field_listaspx	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ruvar:ruvaroa:12.01:::::::*
	cpe:2.3:a:ruvar:ruvaroa:6.01:::::::*

History

16 Apr 2025, 19:02

Type	Values Removed	Values Added
References	~~() https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_template_child_field_listaspx -~~	() https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_template_child_field_listaspx - Exploit, Third Party Advisory
CPE		cpe:2.3:a:ruvar:ruvaroa:12.01:::::::* cpe:2.3:a:ruvar:ruvaroa:6.01:::::::*
First Time		Ruvar ruvaroa Ruvar

07 May 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-07 19:15

Updated : 2025-04-16 19:02

NVD link : CVE-2024-25514

Mitre link : CVE-2024-25514

JSON object : View

Products Affected

ruvar

ruvaroa

CWE

No CWE.

JSON object

Attach tags to CVE-2024-25514

Attach tags to `CVE-2024-25514`