Submission #710152: Ruoyi Management System V4.8.1 Code Injection (Info)

Title: Ruoyi Management System V4.8.1 Code Injection
Description: The vulnerability exists in the CacheController at the '/monitor/cache/getnames' endpoint, where the fragment parameter does not adequately sanitize user input. This allows attackers to inject malicious code via carefully crafted Thymeleaf expressions. Although newer versions have implemented blacklist filtering, attackers can still bypass restrictions using specific formats (such as __|$${...}|__::.x) to achieve code execution.
Source: ⚠️ https://github.com/ltranquility/CVE/issues/26
User: Customer (UID 83474)
Submitted: 2025-12-09 10:01 AM (5 months ago)
Moderation: 2025-12-17 09:59 PM (8 days later)
Status: Accepted
VulDB entry: 337047 [y_project RuoYi up to 4.8.1 /monitor/cache/getnames fragment privilege escalation]
Points: 20
