CVE-2024-57438

Medium CVSS: 5.4

Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.

Vendor

Product

CWE

Yayın Tarihi

2025-01-29 15:15:17

Güncelleme

2025-05-14 18:26:41

Source Identifier

cve@mitre.org

KEV Date Added

CWE-863 Ruoyi MEDIUM Ruoyi 2025

https://gitee.com/y_project/RuoYi https://github.com/peccc/restful_vul/blob/main/ruoyi_insecure_role_assignments/ruoyi_insecure_role_assignments.md https://github.com/yangzongzhuan/RuoYi https://ruoyi.vip/

High

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access…

Critical

CVE-2025-70985

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data…

Critical

CVE-2024-57521

SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the creat…

Medium

CVE-2025-14856

A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function o…

Medium

CVE-2025-67342

RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the…

High

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the au…