CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.

• https://github.com/George0Papasotiriou/CVE-2023-3163-SQL-Injection-Prevention
• https://gitee.com/y_project/RuoYi/issues/I78DOR
• https://vuldb.com/?ctiid.231090
• https://vuldb.com/?id.231090
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
• CWE-400: Uncontrolled Resource Consumption

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.

• https://gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02b0
• https://gitee.com/y_project/RuoYi/issues/I697Q5
• CWE-494: Download of Code Without Integrity Check

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.

• https://gitee.com/y_project/RuoYi/issues/I65V2B
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework.

• https://www.du1ge.com/archives/CVE-2021-38241
• CWE-502: Deserialization of Untrusted Data

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.

• https://gitee.com/y_project/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
• https://gitee.com/y_project/RuoYi/issues/I57IME
• https://github.com/yangzongzhuan/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
• https://github.com/yangzongzhuan/RuoYi/issues/118
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')