Error messages in RuvarOA v6.01 and v12.01 were...
Unreviewed
Published
May 8, 2024
to the GitHub Advisory Database
Description
Published by the National Vulnerability Database
May 8, 2024
Published to the GitHub Advisory Database
May 8, 2024
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.
References