Filtered by CWE-89
Total 12999 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-25528 2024-08-01 5.9 Medium
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.
CVE-2024-25520 2024-08-01 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx.
CVE-2024-25521 2024-08-01 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.
CVE-2024-25531 2024-08-01 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx.
CVE-2024-25511 2024-08-01 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx.
CVE-2024-25508 2024-08-01 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx.
CVE-2024-25514 2024-08-01 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.
CVE-2024-25526 2024-08-01 8.1 High
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx.
CVE-2024-25517 2024-08-01 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx.
CVE-2024-25524 2024-08-01 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx.
CVE-2024-25525 2024-08-01 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx.
CVE-2024-25519 2024-08-01 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx.
CVE-2024-25507 2024-08-01 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx.
CVE-2024-25515 2024-08-01 7.3 High
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx.
CVE-2024-25509 2024-08-01 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.
CVE-2024-25512 2024-08-01 8.1 High
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx.
CVE-2024-25428 2024-08-01 N/A
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter.
CVE-2024-25510 2024-08-01 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx.
CVE-2024-25518 2024-08-01 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx.
CVE-2024-25513 2024-08-01 7.8 High
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx.