Soumettre #710152: Ruoyi Management System V4.8.1 Code Injectioninformation

TitreRuoyi Management System V4.8.1 Code Injection
DescriptionThe vulnerability exists in the CacheController at the '/monitor/cache/getnames' endpoint, where the fragment parameter does not adequately sanitize user input. This allows attackers to inject malicious code via carefully crafted Thymeleaf expressions. Although newer versions have implemented blacklist filtering, attackers can still bypass restrictions using specific formats (such as __|$${...}|__::.x) to achieve code execution.
La source⚠️ https://github.com/ltranquility/CVE/issues/26
Utilisateur Customer (UID 83474)
Soumission09/12/2025 10:01 (il y a 4 mois)
Modérer17/12/2025 21:59 (8 days later)
StatutAccepté
Entrée VulDB337047 [y_project RuoYi jusqu’à 4.8.1 /monitor/cache/getnames fragment élévation de privilèges]
Points20

PrécédentAperçuSuivant

Interested in the pricing of exploits?

See the underground prices here!