Vulnerabilities > Ruoyi
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-28 | CVE-2023-7133 | Cross-site Scripting vulnerability in Ruoyi 4.7.8 A vulnerability was found in y_project RuoYi 4.7.8. | 6.1 |
2023-12-01 | CVE-2023-49371 | SQL Injection vulnerability in Ruoyi RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. | 9.8 |
2023-08-11 | CVE-2021-28411 | Improper Privilege Management vulnerability in Ruoyi 3.4.0 An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges. | 9.8 |
2023-07-21 | CVE-2023-3815 | Cross-site Scripting vulnerability in Ruoyi A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. | 6.1 |
2023-06-08 | CVE-2023-3163 | SQL Injection vulnerability in Ruoyi A vulnerability was found in y_project RuoYi up to 4.7.7. | 7.5 |
2023-02-02 | CVE-2022-48114 | SQL Injection vulnerability in Ruoyi RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. | 9.8 |
2022-12-16 | CVE-2022-4566 | SQL Injection vulnerability in Ruoyi 4.7.5 A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. | 9.8 |
2022-12-08 | CVE-2022-4348 | Improper Enforcement of Message or Data Structure vulnerability in Ruoyi Ruoyi-Cloud A vulnerability was found in y_project RuoYi-Cloud. | 6.1 |
2022-07-13 | CVE-2022-32065 | Cross-site Scripting vulnerability in Ruoyi An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. | 3.5 |
2022-03-30 | CVE-2022-23868 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ruoyi 4.7.2 RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. | 6.8 |