Vulnerabilities > Ruoyi

DATE CVE VULNERABILITY TITLE RISK
2022-12-16 CVE-2021-38241 Deserialization of Untrusted Data vulnerability in Ruoyi
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework.
network
low complexity
ruoyi CWE-502
critical
9.8
2022-12-16 CVE-2022-4566 SQL Injection vulnerability in Ruoyi 4.7.5
A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5.
network
low complexity
ruoyi CWE-89
critical
9.8
2022-12-08 CVE-2022-4348 Unspecified vulnerability in Ruoyi Ruoyi-Cloud
A vulnerability was found in y_project RuoYi-Cloud.
network
low complexity
ruoyi
6.1
2022-07-13 CVE-2022-32065 Cross-site Scripting vulnerability in Ruoyi
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.
network
low complexity
ruoyi CWE-79
5.4
2022-03-30 CVE-2022-23868 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ruoyi 4.7.2
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file.
local
low complexity
ruoyi CWE-1236
7.8
2022-03-30 CVE-2022-23869 Incorrect Permission Assignment for Critical Resource vulnerability in Ruoyi 4.7.2
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.
network
low complexity
ruoyi CWE-732
6.5