CVE-2022-48114
https://notcve.org/view.php?id=CVE-2022-48114
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. • https://gitee.com/y_project/RuoYi/issues/I65V2B • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32065
https://notcve.org/view.php?id=CVE-2022-32065
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. • https://gitee.com/y_project/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6 https://gitee.com/y_project/RuoYi/issues/I57IME https://github.com/yangzongzhuan/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6 https://github.com/yangzongzhuan/RuoYi/issues/118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')