Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-54762

Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection.

Published

2025-01-09T20:15:39.140

Last Modified

2025-05-14T18:26:00.927

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ruoyi	ruoyi	≤ 4.7.9	Yes

References

https://github.com/yangzongzhuan/RuoYi/ Product ([email protected])
https://locrian-lightning-dc7.notion.site/CVE-2024-54762-1748e5e2b1a280b4a549dcce2c4823e8 Exploit ([email protected])