RuoYi: Security Vulnerabilities
An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the jobId parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2025-04-07
An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the editSave method, which does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings.
CVSS Score: 7.2
EPSS Score: 0.003
Published: 2025-04-07
An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the changeStatus method.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2025-04-07
An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2025-04-07
An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint, which does not properly validate whether the requesting user has permission to modify the specified dictId.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2025-04-07
An issue in RuoYi v4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint, which does not properly validate the deptId parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2025-04-07
RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users by using a crafted cookie.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2025-01-29
RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2025-01-29
Insecure permissions in RuoYi v4.8.0 allow authenticated attackers to escalate privileges by assigning themselves higher-level roles.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2025-01-29
An issue in the reset password interface of RuoYi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.
CVSS Score: 4.9
EPSS Score: 0.002
Published: 2025-01-29

