RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-02
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-07-13
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-03-30
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-03-30
Page 2