Description
RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-32065
- https://github.com/yangzongzhuan/RuoYi/issues/118
- https://github.com/yangzongzhuan/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
- https://gitee.com/y_project/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
- https://gitee.com/y_project/RuoYi/issues/I57IME
- https://github.com/yangzongzhuan/RuoYi
Packages
Name: com.ruoyi:ruoyi (maven)
Affected versions: < 4.7.4
Fixed version: 4.7.4
Related vulnerabilities
CVSS3: 5.4
nvd
more than 3 years ago
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.