@kkll5875
Created October 5, 2024 14:31
RuoYi <=4.7.9 has a security flaw that allows escaping from comments
within the code generation feature, enabling the injection of malicious
code
[VulnerabilityType Other]
Code Injection
[Vendor of Product]
https://github.com/yangzongzhuan/RuoYi
[Affected Product Code Base]
Ruoyi CMS - RuoYi <=4.7.9
[Attack Type]
Remote
[Impact Code execution]
true
[CVE Impact Other]
Escape from comments in the code to achieve arbitrary code injection.
[Discoverer]
hui hui
[Reference]
http://ruoyi.com
https://github.com/yangzongzhuan/RuoYi
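
The comment-escape class described above, seen from the generator's side. This is an added example, not code from RuoYi or from this gist: a generator validates a value against an allow-list before rendering it into a Java comment. The template, the `description` field name and the allow-list itself are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class CommentSafeRender {
    // Allow-list for text placed inside a generated comment: letters, digits,
    // spaces and mild punctuation. '*', '/', backslash and line breaks are all
    // excluded. Backslash matters because javac translates backslash-u escapes
    // before it recognizes comments, so an escaped terminator also ends one.
    private static final Pattern SAFE =
            Pattern.compile("[\\p{L}\\p{N} _.,:()-]{1,64}");

    static boolean isCommentSafe(String value) {
        return value != null && SAFE.matcher(value).matches();
    }

    // Hypothetical template: 'description' lands inside a Javadoc comment.
    static String render(String description) {
        if (!isCommentSafe(description)) {
            throw new IllegalArgumentException("rejected: not safe for a comment");
        }
        return "/**\n * " + description + "\n */\n"
             + "public class DemoController {\n}\n";
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the advisory.
        String[] samples = {
            "Order management",        // plain text
            "Orders */ marker",        // literal comment terminator
            "Orders \\u002a\\u002f x", // same terminator written as unicode escapes
            "Orders\nsecond line"      // line break (would end a // comment)
        };
        for (String s : samples) {
            String shown = s.replace("\n", "<LF>");
            try {
                render(s);
                System.out.println("accepted: " + shown);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + shown);
            }
        }
    }
}
```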