Jinguo Yang

12 exploits, active since Apr 2025
CVE-2025-28400 MEDIUM WRITEUP
RuoYi 4.8.0 - Privilege Escalation via PostID Parameter
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method
CVSS 6.7
CVE-2025-28402 CRITICAL WRITEUP
RuoYi 4.8.0 - Privilege Escalation via jobId Parameter
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter
CVSS 9.8
CVE-2025-28403 HIGH WRITEUP
RuoYi 4.8.0 - Privilege Escalation via editSave Method
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method, which does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings
CVSS 7.2
CVE-2025-28405 CRITICAL WRITEUP
RuoYi 4.8.0 - Privilege Escalation via changeStatus Method
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method
CVSS 9.8
CVE-2025-28406 CRITICAL WRITEUP
RuoYi 4.8.0 - Privilege Escalation via jobLogId Parameter
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter
CVSS 9.8
CVE-2025-28407 HIGH WRITEUP
RuoYi 4.8.0 - Privilege Escalation via Unvalidated DictId Edit Endpoint
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint, which does not properly validate whether the requesting user has permission to modify the specified dictId
CVSS 8.8
CVE-2025-28408 CRITICAL WRITEUP
RuoYi 4.8.0 - Privilege Escalation via selectDeptTree Endpoint deptId Parameter
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint, which does not properly validate the deptId parameter
CVSS 9.8
CVE-2025-28409 HIGH WRITEUP
RuoYi 4.8.0 - Privilege Escalation via /add/{parentId} Endpoint
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint, which does not properly validate whether the requesting user has permission to add a menu item under the specified parentId
CVSS 8.8
CVE-2025-28410 CRITICAL WRITEUP
RuoYi 4.8.0 - Privilege Escalation via cancelAuthUserAll Method
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method, which does not properly validate whether the requesting user has administrative privileges
CVSS 9.8
CVE-2025-28411 CRITICAL WRITEUP
RuoYi 4.8.0 - Privilege Escalation via Tool Gen EditSave Method
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave
CVSS 9.8
CVE-2025-28412 CRITICAL WRITEUP
RuoYi 4.8.0 - Privilege Escalation via SysNoticeController EditSave Method
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController
CVSS 9.8
CVE-2025-28413 CRITICAL WRITEUP
RuoYi 4.8.0 - Privilege Escalation via SysDictTypeController
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component
CVSS 9.8