CNNVD-202512-3720 Information

CNNVD ID

CNNVD-202512-3720

Related CVE

CVE-2025-14856

• CNNVD Published: 2025-12-18

Description (Chinese)

Ruoyi是若依个人开发者的一个后台管理系统。 Ruoyi 4.8.1及之前版本存在代码注入漏洞，该漏洞源于文件/monitor/cache/getnames中参数fragment处理不当，可能导致代码注入。

Description (English)

Ruoyi is a back-office management system based on an individual developer. Ruoyi 4.8.1 and previous versions had a code-injecting loophole, which stemmed from the inappropriate handling of the parameter fragment in the file/monitor/cache/getnames, which could lead to a code-injection.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

个人开发者

Published

2025-12-18

Last Modified

2026-02-24

References

https://github.com/ltranquility/CVE/issues/26 https://vuldb.com/?ctiid.337047 https://vuldb.com/?id.337047 https://vuldb.com/?submit.710152

Patch

https://gitee.com/y_project/RuoYi/releases