CNNVD-202601-3951 Information

CNNVD ID

CNNVD-202601-3951

Related CVE

CVE-2025-70986

• CNNVD Published: 2026-01-23

Description (Chinese)

Ruoyi是若依个人开发者的一个后台管理系统。 Ruoyi v4.8.2版本存在安全漏洞，该漏洞源于selectDept函数访问控制不当，可能导致未经授权的攻击者任意访问敏感部门数据。

Description (English)

Ruoyi is a back-office management system based on an individual developer. The security loophole in version Ruoyi v 4.8.2 stems from inadequate access controls in the selectDept function, which may lead to arbitrary access to sensitive sector data by unauthorized assailants.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2026-01-23

Last Modified

2026-02-24

References

https://github.com/yangzongzhuan/RuoYi https://gitee.com/y_project/RuoYi https://gitee.com/y_project/RuoYi/issues/IDIDME https://gist.github.com/old6ma/779320a98f361c299ca024521cb72db6 https://access.redhat.com/security/cve/cve-2025-70986