SQL Injection Vulnerability in Ruoyi Framework by Yangzongzhuan
CVE-2024-54762

6.3MEDIUM

Key Information:

Vendor: Yangzongzhuan
Vendor: CVE Published:; 9 January 2025

Summary

The Ruoyi framework, specifically version 4.7.9 and earlier, is susceptible to an SQL injection vulnerability due to inadequate filtering of SQL keywords within the filterKeyword method. This flaw enables attackers to execute arbitrary SQL queries, potentially compromising the integrity and confidentiality of the database. Organizations using this software should promptly assess their systems and apply relevant mitigations.

References

https://github.com/yangzongzhuan/RuoYi/

https://locrian-lightning-dc7.notion.site/CVE-2024-54762-...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2025