Skip to content

Instantly share code, notes, and snippets.

@Maverickfir
Created December 2, 2023 00:48
Show Gist options
  • Save Maverickfir/53405b944b2830b43a84abf4b1734847 to your computer and use it in GitHub Desktop.
Save Maverickfir/53405b944b2830b43a84abf4b1734847 to your computer and use it in GitHub Desktop.
CVE-2023-49371
> [description]
> RuoYi up to v4.6 was discovered to contain a SQL injection
> vulnerability via /system/dept/edit.
>
> ------------------------------------------
>
> [Vulnerability Type]
> SQL Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> RuoYi
>
> ------------------------------------------
>
> [Affected Product Code Base]
> RuoYi - v4.6
>
> ------------------------------------------
>
> [Affected Component]
> /system/dept/edit
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Attack Vectors]
> RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via the component /system/dept/edit
>
> ------------------------------------------
>
> [Reference]
> https://github.com/Maverickfir/RuoYi-v4.6-vulnerability/blob/main/Ruoyiv4.6.md
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment