Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4566 | 1 Ruoyi | 1 Ruoyi | 2023-03-07 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975. | |||||
| CVE-2022-48114 | 1 Ruoyi | 1 Ruoyi | 2023-02-08 | N/A | 9.8 CRITICAL |
| RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. | |||||
| CVE-2021-38241 | 1 Ruoyi | 1 Ruoyi | 2022-12-21 | N/A | 9.8 CRITICAL |
| Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework. | |||||
| CVE-2022-32065 | 1 Ruoyi | 1 Ruoyi | 2022-07-26 | 3.5 LOW | 5.4 MEDIUM |
| An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. | |||||
| CVE-2022-23869 | 1 Ruoyi | 1 Ruoyi | 2022-04-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request. | |||||
| CVE-2022-23868 | 1 Ruoyi | 1 Ruoyi | 2022-04-04 | 6.8 MEDIUM | 7.8 HIGH |
| RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. | |||||