Shodan
Vulnerabilities
Vulnerable Software
Ruoyi:  >> Ruoyi  >> 4.8.0  Security Vulnerabilities
CVE-2025-4819
A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
CVSS Score
3.1
EPSS Score
0.001
Published
2025-05-17
CVE-2025-28409
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId
CVSS Score
8.8
EPSS Score
0.002
Published
2025-04-07
CVE-2025-28410
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges
CVSS Score
9.8
EPSS Score
0.003
Published
2025-04-07
CVE-2025-28411
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave
CVSS Score
9.8
EPSS Score
0.003
Published
2025-04-07
CVE-2025-28412
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController
CVSS Score
9.8
EPSS Score
0.003
Published
2025-04-07
CVE-2025-28413
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component
CVSS Score
9.8
EPSS Score
0.003
Published
2025-04-07
CVE-2025-28400
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method
CVSS Score
6.7
EPSS Score
0.001
Published
2025-04-07
CVE-2025-28401
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter
CVSS Score
6.7
EPSS Score
0.001
Published
2025-04-07
CVE-2025-28402
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter
CVSS Score
9.8
EPSS Score
0.003
Published
2025-04-07
CVE-2025-28403
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings
CVSS Score
7.2
EPSS Score
0.002
Published
2025-04-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved