An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.
References
Link | Resource |
---|---|
https://gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02b0 | Permissions Required |
https://gitee.com/y_project/RuoYi/issues/I697Q5 | Exploit Issue Tracking |
https://gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02b0 | Permissions Required |
https://gitee.com/y_project/RuoYi/issues/I697Q5 | Exploit Issue Tracking |
Configurations
History
21 Nov 2024, 07:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-02 01:15
Updated : 2024-11-21 07:52
NVD link : CVE-2023-27025
Mitre link : CVE-2023-27025
CVE.ORG link : CVE-2023-27025
JSON object : View
Products Affected
ruoyi
- ruoyi
CWE
CWE-494
Download of Code Without Integrity Check