Vulnerabilities > Ruoyi > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-26 CVE-2024-42913 SQL Injection vulnerability in Ruoyi 4.7.9
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
network
low complexity
ruoyi CWE-89
critical
 9.8
9.8
2023-12-01 CVE-2023-49371 SQL Injection vulnerability in Ruoyi
RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.
network
low complexity
ruoyi CWE-89
critical
 9.8
9.8
2023-08-11 CVE-2021-28411 Improper Privilege Management vulnerability in Ruoyi 3.4.0
An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges.
network
low complexity
ruoyi CWE-269
critical
 9.8
9.8
2023-02-02 CVE-2022-48114 SQL Injection vulnerability in Ruoyi
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.
network
low complexity
ruoyi CWE-89
critical
 9.8
9.8
2022-12-16 CVE-2022-4566 SQL Injection vulnerability in Ruoyi 4.7.5
A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5.
network
low complexity
ruoyi CWE-89
critical
 9.8
9.8