| Title | RuoYi <= 4.8.0 could bypass white list to RCE or Arbitrary code execution |
|---|---|
| Description | Because the getBeanName method has flaws in how it processes invokeTarget, there is a vulnerability that can bypass the whitelist detection. The framework's timed task call relies on the flawed function to obtain the task information, so we can construct a specific statement and add it to a timed task to call an arbitrary method, which can lead to RCE. |
| Source | https://gist.github.com/GSBP0/3c1b0f9dbdd2a48b8f52330cfbbc279b |
| User | GSBP (UID 79733) |
| Submission | 15/01/2025 18:29 (1 year ago) |
| Moderation | 27/01/2025 12:01 (12 days later) |
| Status | Accepted |
| VulDB entry | 293512 [y_project RuoYi up to 4.8.0 Whitelist getBeanName privilege escalation] |
| Points | 19 |