彙總 ruvar 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 SQL 注入 相關,可能在 生產負載與軟體部署 場景中帶來 資料外洩 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-25533 | Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. | [email protected] | 9.4 | 0.72% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25532 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. | [email protected] | 9.8 | 0.51% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25528 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | [email protected] | 5.9 | 0.28% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25531 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. | [email protected] | 9.8 | 0.58% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25530 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. | [email protected] | 9.8 | 0.58% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25529 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. | [email protected] | 9.8 | 0.61% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25527 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | [email protected] | 9.4 | 0.51% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25526 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. | [email protected] | 8.1 | 0.59% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25525 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. | [email protected] | 9.8 | 0.63% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25524 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. | [email protected] | 9.4 | 0.62% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25523 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | [email protected] | 9.8 | 0.70% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25522 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. | [email protected] | 9.4 | 0.61% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25521 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. | [email protected] | 9.4 | 0.62% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25520 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. | [email protected] | 9.8 | 0.63% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25519 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. | [email protected] | 9.8 | 0.70% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25518 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. | [email protected] | 9.4 | 0.62% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25517 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. | [email protected] | 9.8 | 0.70% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25515 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. | [email protected] | 7.3 | 0.58% | 2024-05-08 | 2026-06-17 |
| CVE-2024-25514 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. | [email protected] | 9.4 | 0.56% | 2024-05-07 | 2026-06-17 |
| CVE-2024-25513 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. | [email protected] | 7.8 | 0.32% | 2024-05-07 | 2026-06-17 |