CNNVD-202512-4135 Information
CNNVD ID
CNNVD-202512-4135
Related CVE
- CNNVD Published: 2025-12-23
Description (Chinese)
Ruoyi是若依个人开发者的一个后台管理系统。 Ruoyi 4.7.9及之前版本存在安全漏洞,该漏洞源于SqlUtil.java中createTable函数对输入验证不足,可能导致SQL注入攻击。
Description (English)
Ruoyi is a back-office management system based on an individual developer. Ruoyi 4.7.9 and previous versions contained a security loophole, which stemmed from the lack of proof of input in the CreateTable function in SqlUtil.java, which could lead to an attack on SQL.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-12-23
Last Modified
2026-02-24
References
https://gitee.com/y_project/RuoYi/commit/ddd858ca732618a472b10eaab2f8e4b45812ffc5 https://gitee.com/y_project/RuoYi/issues/IBC976 https://github.com/mrlihd/CVE-2024-57521-SQL-Injection-PoC/blob/main/README.md https://github.com/mrlihd/Ruoyi-4.7.9-SQL-Injection-PoC https://access.redhat.com/security/cve/cve-2024-57521
Patch
https://gitee.com/y_project/RuoYi/releases
Share on: