CVE

CVE-2024-25533

Severity:

Pending analysis

Type:

Unavailable / Other

Publication date:

08/05/2024

Last modified:

09/05/2024

Description

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.

References to Advisories, Solutions, and Tools

https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#information-leakage-and-unauthorized-access-to-sensitive-data