蔡啟仁

**Name of the Vulnerable Software and Affected Versions** RAVA certificate validation system (affected versions not specified) **Description** The issue concerns insufficient validation for user input in the RAVA certificate validation system. This allows an unauthenticated remote attacker to inject arbitrary SQL commands, potentially accessing, modifying, and deleting database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RAVA certificate validation system (affected versions not specified) **Description** The issue is related to insufficient filtering for a special parameter of the web page input field in the RAVA certificate validation system. A remote attacker with administrator privilege can exploit this to perform arbitrary system commands and disrupt service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.