CVE-2024-57521

Critical CVSS: 10.0

SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.

Vendor

Ruoyi

Product

Ruoyi

CWE

CWE-89

Yayın Tarihi

2025-12-23 17:15:46

Güncelleme

2026-01-06 17:34:03

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Ruoyi CRITICAL Ruoyi 2025

Referanslar

https://gitee.com/y_project/RuoYi/commit/ddd858ca732618a472b10eaab2f8e4b45812ffc5 https://gitee.com/y_project/RuoYi/issues/IBC976 https://github.com/mrlihd/CVE-2024-57521-SQL-Injection-PoC/blob/main/README.md https://github.com/mrlihd/Ruoyi-4.7.9-SQL-Injection-PoC

Benzer Kayıtlar

High

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access…

Critical

CVE-2025-70985

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data…

Medium

CVE-2025-14856

A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function o…

Medium

CVE-2025-67342

RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the…

High

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the au…

High

CVE-2025-56396

An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department havi…