提出 #598365: ageerle https://github.com/ageerle/ruoyi-ai v2.0.0 Unrestricted Upload情報

タイトルageerle https://github.com/ageerle/ruoyi-ai v2.0.0 Unrestricted Upload
説明The open source project "ageerle/ruoyi-ai" which implements AI chat and painting functions based on ruoyi-plus has an arbitrary file upload vulnerability, which allows attackers to upload any malicious files to any path on the server, resulting in the risk of arbitrary code execution and arbitrary file overwriting on the server.
ソース⚠️ https://github.com/ageerle/ruoyi-ai/issues/9
ユーザー
 Anonymous User
送信2025年06月17日 17:03 (1 年 ago)
モデレーション2025年06月21日 07:12 (4 days later)
ステータス承諾済み
VulDBエントリ313574 [ageerle ruoyi-ai 2.0.0 SseServiceImpl.java speechToTextTranscriptionsV2/upload ファイル 特権昇格]
ポイント18

Want to know what is going to be exploited?

We predict KEV entries!