CVE-2024-54762

medium

Description

Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection.

References

https://locrian-lightning-dc7.notion.site/CVE-2024-54762-1748e5e2b1a280b4a549dcce2c4823e8

https://github.com/yangzongzhuan/RuoYi/

Details

Source: Mitre, NVD

Published: 2025-01-09

Updated: 2025-01-10

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L