Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-27025

An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.

Published

2023-04-02T01:15:07.400

Last Modified

2025-02-18T16:15:14.717

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-494
Type: Secondary
CWE-494

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ruoyi	ruoyi	≤ 4.7.6	Yes

References

https://gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02b0 Permissions Required ([email protected])
https://gitee.com/y_project/RuoYi/issues/I697Q5 Exploit, Issue Tracking ([email protected])
https://gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02b0 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://gitee.com/y_project/RuoYi/issues/I697Q5 Exploit, Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)