Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-57436

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.

Published

2025-01-29T15:15:17.073

Last Modified

2025-05-14T18:26:10.557

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-922

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ruoyi	ruoyi	4.8.0	Yes

References

https://github.com/peccc/restful_vul/blob/main/ruoyi_elevation_of_privileges/ruoyi_elevation_of_privileges.md Exploit, Third Party Advisory ([email protected])
https://github.com/yangzongzhuan/RuoYi Product ([email protected])
https://ruoyi.vip/ Product ([email protected])
https://github.com/peccc/restful_vul/blob/main/ruoyi_elevation_of_privileges/ruoyi_elevation_of_privileges.md Exploit, Third Party Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)