A vulnerability classified as critical has been found in RuvarOA 6.01/12.01. This affects an unknown part of the file /SysManage/wf_template_child_field_list.aspx. The manipulation of the argument template_id leads to sql injection.
This vulnerability is uniquely identified as CVE-2024-25514. It is possible to initiate the attack remotely. There is no exploit available.