exploitDog

GHSA-j46p-wfvm-g6pg

Опубликовано: 07 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId

Ссылки

EPSS

Процентиль: 72%

0.00716

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-284

Связанные уязвимости

CVE-2025-28407

CVSS3: 8.8

nvd

10 месяцев назад

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId

EPSS

Процентиль: 72%

0.00716

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-284