Отправить #710152: Ruoyi Management System V4.8.1 Code InjectionИнформация

НазваниеRuoyi Management System V4.8.1 Code Injection
ОписаниеThe vulnerability exists in the CacheController at the '/monitor/cache/getnames' endpoint, where the fragment parameter does not adequately sanitize user input. This allows attackers to inject malicious code via carefully crafted Thymeleaf expressions. Although newer versions have implemented blacklist filtering, attackers can still bypass restrictions using specific formats (such as __|$${...}|__::.x) to achieve code execution.
Источник⚠️ https://github.com/ltranquility/CVE/issues/26
Пользователь Customer (UID 83474)
Представление09.12.2025 10:01 (5 месяцы назад)
Модерация17.12.2025 21:59 (8 days later)
Статуспринято
Запись VulDB337047 [y_project RuoYi до 4.8.1 /monitor/cache/getnames fragment эскалация привилегий]
Баллы20

ПредыдущийОбзорДалее

Do you want to use VulDB in your project?

Use the official API to access entries easily!