Ruoyi: Security Vulnerabilities
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method
CVSS Score
6.7
EPSS Score
0.002
Published
2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter
CVSS Score
6.7
EPSS Score
0.002
Published
2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings
CVSS Score
7.2
EPSS Score
0.003
Published
2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId
CVSS Score
8.8
EPSS Score
0.003
Published
2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-07