CVE-2023-27025
- EPSS 0.07%
- Veröffentlicht 02.04.2023 01:15:07
- Zuletzt bearbeitet 18.02.2025 16:15:14
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.
CVE-2022-48114
- EPSS 0.27%
- Veröffentlicht 02.02.2023 22:15:12
- Zuletzt bearbeitet 26.03.2025 20:15:17
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.
CVE-2021-38241
- EPSS 0.89%
- Veröffentlicht 16.12.2022 22:15:08
- Zuletzt bearbeitet 21.04.2025 14:15:21
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework.
CVE-2022-4566
- EPSS 0.38%
- Veröffentlicht 16.12.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 07:35:30
A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the ...
CVE-2022-32065
- EPSS 0.45%
- Veröffentlicht 13.07.2022 15:15:10
- Zuletzt bearbeitet 21.11.2024 07:05:44
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.
CVE-2022-23868
- EPSS 0.25%
- Veröffentlicht 30.03.2022 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:49:23
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file.
CVE-2022-23869
- EPSS 0.13%
- Veröffentlicht 30.03.2022 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:49:23
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.