Vulnerabilities > Ruoyi > Ruoyi > 4.3.1

DATE CVE VULNERABILITY TITLE RISK
2024-09-21 CVE-2024-9048 Cross-site Scripting vulnerability in Ruoyi
A vulnerability was found in y_project RuoYi up to 4.7.9.
network
low complexity
ruoyi CWE-79
6.1
6.1
2024-07-19 CVE-2024-41599 Cross-site Scripting vulnerability in Ruoyi
Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method
network
low complexity
ruoyi CWE-79
6.1
6.1
2023-12-01 CVE-2023-49371 SQL Injection vulnerability in Ruoyi
RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.
network
low complexity
ruoyi CWE-89
critical
 9.8
9.8
2023-07-21 CVE-2023-3815 Unspecified vulnerability in Ruoyi
A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7.
network
low complexity
ruoyi
6.1
6.1
2023-06-08 CVE-2023-3163 SQL Injection vulnerability in Ruoyi
A vulnerability was found in y_project RuoYi up to 4.7.7.
network
low complexity
ruoyi CWE-89
7.5
7.5
2023-04-02 CVE-2023-27025 Download of Code Without Integrity Check vulnerability in Ruoyi
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.
network
low complexity
ruoyi CWE-494
7.5
7.5
2023-02-02 CVE-2022-48114 SQL Injection vulnerability in Ruoyi
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.
network
low complexity
ruoyi CWE-89
critical
 9.8
9.8
2022-12-16 CVE-2021-38241 Deserialization of Untrusted Data vulnerability in Ruoyi
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework.
network
low complexity
ruoyi CWE-502
critical
 9.8
9.8
2022-07-13 CVE-2022-32065 Cross-site Scripting vulnerability in Ruoyi
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.
network
low complexity
ruoyi CWE-79
5.4
5.4