Submit #710152: Ruoyi Management System V4.8.1 Code Injection

Title: Ruoyi Management System V4.8.1 Code Injection
Description: The vulnerability exists in the CacheController at the '/monitor/cache/getnames' endpoint, where the fragment parameter does not adequately sanitize user input. This allows attackers to inject malicious code via carefully crafted Thymeleaf expressions. Although newer versions have implemented blacklist filtering, attackers can still bypass restrictions using specific formats (such as __|$${...}|__::.x) to achieve code execution.
Source: https://github.com/ltranquility/CVE/issues/26
User: Customer (UID 83474)
Submission: 09/12/2025 10:01 (4 months ago)
Moderation: 17/12/2025 21:59 (8 days later)
Status: Accepted
VulDB entry: 337047 [y_project RuoYi up to 4.8.1 /monitor/cache/getnames fragment privilege escalation]
Points: 20
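
The description notes that blacklist filtering of the fragment parameter was bypassed. The following added example (not code from the submission or from the RuoYi project) shows the opposite approach, an allowlist check, and applies it to access-log lines to flag requests to the endpoint. It assumes that legitimate fragment names are plain identifiers and that the parameter is visible in the logged request line; a parameter sent in a POST body would need application-side logging instead. The log lines and the fragment name `fragment-cache-names` are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/monitor/cache/getnames"  # endpoint named in the description

# Assumption: a legitimate fragment name is a plain identifier.
# Anything else (expression markers, "::", "|", "$", "{") is rejected outright
# instead of being matched against a list of known-bad strings.
SAFE_FRAGMENT = re.compile(r"[A-Za-z0-9_-]{1,64}")

REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def fragment_is_safe(value):
    """Allowlist check: True only for a plain identifier of 1-64 characters."""
    return SAFE_FRAGMENT.fullmatch(value) is not None


def suspicious_requests(log_lines):
    """Return (line_number, decoded_fragment) for every request to ENDPOINT
    whose fragment parameter fails the allowlist."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.rstrip("/") != ENDPOINT:
            continue
        # parse_qs percent-decodes values, so encoded input is checked decoded.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("fragment", []):
            if not fragment_is_safe(value):
                hits.append((number, value))
    return hits


# Constructed sample access-log lines (documentation IP range, made-up sizes).
# Line 2 carries the format quoted in the description, with its "..." left elided.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Dec/2025:10:01:00 +0000] "POST /monitor/cache/getnames?fragment=fragment-cache-names HTTP/1.1" 200 512',
    '192.0.2.44 - - [09/Dec/2025:10:02:13 +0000] "POST /monitor/cache/getnames?fragment=__%7C%24%24%7B...%7D%7C__%3A%3A.x HTTP/1.1" 500 0',
    '192.0.2.10 - - [09/Dec/2025:10:03:00 +0000] "GET /monitor/cache HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, fragment in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: rejected fragment {fragment!r}")
```

The same `fragment_is_safe` rule, applied server-side before the value reaches template resolution, is what makes the difference: it does not depend on enumerating expression syntaxes.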
