Invia #598365: ageerle https://github.com/ageerle/ruoyi-ai v2.0.0 Unrestricted Uploadinformazioni

Titoloageerle https://github.com/ageerle/ruoyi-ai v2.0.0 Unrestricted Upload
DescrizioneThe open source project "ageerle/ruoyi-ai" which implements AI chat and painting functions based on ruoyi-plus has an arbitrary file upload vulnerability, which allows attackers to upload any malicious files to any path on the server, resulting in the risk of arbitrary code execution and arbitrary file overwriting on the server.
Fonte⚠️ https://github.com/ageerle/ruoyi-ai/issues/9
Utente
 Anonymous User
Sottomissione17/06/2025 17:03 (1 Anno fa)
Moderazione21/06/2025 07:12 (4 days later)
StatoAccettato
Voce VulDB313574 [ageerle ruoyi-ai 2.0.0 SseServiceImpl.java speechToTextTranscriptionsV2/upload File escalationi di privilegi]
Punti18

Want to stay up to date on a daily basis?

Enable the mail alert feature now!