RSS   Podatności dla 'Ruoyi'   RSS

2022-03-30
 
CVE-2022-23868

CWE-1236
 

 
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file.

 
 
CVE-2022-23869

CWE-732
 

 
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.

 


Copyright 2024, cxsecurity.com

 

Back to Top