Vulnerabilities > Ruoyi

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-28	CVE-2023-7133	Cross-site Scripting vulnerability in Ruoyi 4.7.8 A vulnerability was found in y_project RuoYi 4.7.8. network low complexity ruoyi CWE-79	6.1
2023-12-01	CVE-2023-49371	SQL Injection vulnerability in Ruoyi RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. network low complexity ruoyi CWE-89 critical	9.8
2023-08-11	CVE-2021-28411	Improper Privilege Management vulnerability in Ruoyi 3.4.0 An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges. network low complexity ruoyi CWE-269 critical	9.8
2023-07-21	CVE-2023-3815	Cross-site Scripting vulnerability in Ruoyi A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. network low complexity ruoyi CWE-79	6.1
2023-06-08	CVE-2023-3163	SQL Injection vulnerability in Ruoyi A vulnerability was found in y_project RuoYi up to 4.7.7. network low complexity ruoyi CWE-89	7.5
2023-02-02	CVE-2022-48114	SQL Injection vulnerability in Ruoyi RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. network low complexity ruoyi CWE-89 critical	9.8
2022-12-16	CVE-2022-4566	SQL Injection vulnerability in Ruoyi 4.7.5 A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. network low complexity ruoyi CWE-89 critical	9.8
2022-12-08	CVE-2022-4348	Improper Enforcement of Message or Data Structure vulnerability in Ruoyi Ruoyi-Cloud A vulnerability was found in y_project RuoYi-Cloud. network low complexity ruoyi CWE-707	6.1
2022-07-13	CVE-2022-32065	Cross-site Scripting vulnerability in Ruoyi An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. network ruoyi CWE-79	3.5
2022-03-30	CVE-2022-23868	Improper Neutralization of Formula Elements in a CSV File vulnerability in Ruoyi 4.7.2 RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. network ruoyi CWE-1236	6.8

Vulnerabilities > Ruoyi {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Ruoyi"}]}

Vulnerabilities > Ruoyi