CVE-2024-54762

Ruoyi v.4.7.9 and earlier contains an authenticated SQL injection vulnerability: the filterKeyword method does not completely filter SQL injection keywords, so injected SQL can get past the filter.
Configurations

Configuration 1

cpe:2.3:a:ruoyi:ruoyi:*:*:*:*:*:*:*:*

History

14 May 2025, 18:26

| Type | Values Removed | Values Added |
|---|---|---|
| CPE | | cpe:2.3:a:ruoyi:ruoyi:*:*:*:*:*:*:*:* |
| References | () https://github.com/yangzongzhuan/RuoYi/ - | () https://github.com/yangzongzhuan/RuoYi/ - Product |
| References | () https://locrian-lightning-dc7.notion.site/CVE-2024-54762-1748e5e2b1a280b4a549dcce2c4823e8 - | () https://locrian-lightning-dc7.notion.site/CVE-2024-54762-1748e5e2b1a280b4a549dcce2c4823e8 - Exploit |
| First Time | | Ruoyi; Ruoyi ruoyi |

10 Jan 2025, 16:15

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | | CWE-89 |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 6.3 |
| Summary | | (es) Ruoyi v.4.7.9 and earlier versions contain an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, which creates the risk of SQL injection. |

09 Jan 2025, 20:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2025-01-09 20:15

Updated : 2025-05-14 18:26


NVD link : CVE-2024-54762

Mitre link : CVE-2024-54762

CVE.ORG link : CVE-2024-54762

Products Affected

ruoyi

  • ruoyi
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')