Created October 5, 2024 14:31
RuoYi <=4.7.9 has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.

[VulnerabilityType Other]
Code Injection

[Vendor of Product]
https://github.com/yangzongzhuan/RuoYi

[Affected Product Code Base]
Ruoyi CMS - RuoYi <=4.7.9

[Attack Type]
Remote

[Impact Code execution]
true

[CVE Impact Other]
Escape from comments in the code to achieve arbitrary code injection.

[Discoverer]
hui hui

[Reference]
http://ruoyi.com
https://github.com/yangzongzhuan/RuoYi
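
The bug class described above, as an added example that is not RuoYi's code and not part of the original advisory: a hypothetical generator step that writes a metadata value into a Java block comment, shown unescaped and with a neutralising helper. The class name, `forComment`, `render` and the sample value are assumptions made for illustration.

```java
public class CommentSafeGenerator {
    /** Neutralises a value before it is written inside a generated Java comment. */
    static String forComment(String value) {
        if (value == null) {
            return "";
        }
        // CR and LF would end a "//" comment, so collapse them to a space.
        String s = value.replaceAll("[\\r\\n]+", " ");
        // javac decodes backslash-u escapes before it recognises comments, so an
        // encoded terminator or line break must be defused too: doubling every
        // backslash leaves none of them eligible to start such an escape.
        s = s.replace("\\", "\\\\");
        // Break the block-comment terminator itself.
        return s.replace("*/", "* /");
    }

    /** Hypothetical template: the value lands inside a Javadoc block. */
    static String render(String tableComment, boolean harden) {
        String c = harden ? forComment(tableComment) : tableComment;
        return "/**\n * " + c + "\n */\npublic class Generated {}\n";
    }

    /** Counts occurrences of needle in haystack. */
    static int count(String haystack, String needle) {
        int n = 0;
        for (int i = haystack.indexOf(needle); i >= 0; i = haystack.indexOf(needle, i + 1)) {
            n++;
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed sample value standing in for untrusted metadata.
        String sample = "user table */ class Extra {} /*";
        String naive = render(sample, false);
        String safe = render(sample, true);
        System.out.println("unescaped:\n" + naive);
        System.out.println("neutralised:\n" + safe);
        // The template itself closes exactly one comment; any more came from the value.
        if (count(naive, "*/") != 2 || count(safe, "*/") != 1) {
            throw new IllegalStateException("unexpected comment terminator count");
        }
    }
}
```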