PT-2024-20995 · Ruvaroa · Ruvaroa

Author: Mr-Xn

Published: 2024-05-08

Updated: 2024-07-03

CVE: CVE-2024-25533

CVSS v3.1: 9.4 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01

Description: Error messages in RuvarOA were discovered to leak the physical path of the website, specifically at the /WorkFlow/OfficeFileUpdate.aspx endpoint. This issue can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.

Recommendations: For versions 6.01 through 12.01, consider restricting access to the /WorkFlow/OfficeFileUpdate.aspx endpoint until a patch is available. As a temporary workaround, avoid using crafted SQL statements that could exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: SQL injection

Weakness Enumeration: (none listed)

Related Identifiers: CVE-2024-25533

Affected Products: Ruvaroa