CNNVD-202509-2007 Information

CNNVD ID

CNNVD-202509-2007

CVE-2025-10473

  • CNNVD Published: 2025-09-15

Description

RuoYi is a back-office management system by an individual developer (RuoYi) in China. RuoYi 4.8.1 and earlier versions contain a SQL injection vulnerability. It stems from improper handling of the file /com/ruoyi/common/utils/sql/SqlUtil.java by the function filterKeyword of the Blacklist Handler component, and could lead to SQL injection attacks.

Hazard Level

High

Vulnerability Type

SQL injection

Affected Vendor

Individual developer

Published

2025-09-15

Last Modified

2026-02-24

References

  • https://github.com/mo957/vuln/blob/main/ruoyi_sqlinject/ruoyi_sqlinject.md
  • https://vuldb.com/?ctiid.323905
  • https://vuldb.com/?id.323905
  • https://vuldb.com/?submit.648475
