Created
January 8, 2026 02:59
-
-
Save Catherines77/e3f06b9c4cc6298579e858088a243c3d to your computer and use it in GitHub Desktop.
CVE-2025-66916
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2025-66916 | |
| [PRODUCT] | |
| https://github.com/dromara/RuoYi-Vue-Plus | |
| [VERSION] | |
| v5.5.1 | |
| [PROBLEM TYPE] | |
| Arbitrary file write/read | |
| [DESCRIPTION] | |
| In the management backend of the snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, a function was found that can execute QLExpress expressions without filtering user input. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment