CVE-2023-3163

LOW

y_project RuoYi <4.7.7 - DoS

Title source: llm

Description

A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.

Exploits (2)

gitee 47,892 stars

by y_project · javawriteup

https://gitee.com/y_project/RuoYi/issues/I78DOR

nomisec SCANNER 4 stars

by George0Papasotiriou · poc

https://github.com/George0Papasotiriou/CVE-2023-3163-SQL-Injection-Prevention

View Code ZIP pw:eip

References (3)

[Exploit] https://gitee.com/y_project/RuoYi/issues/I78DOR

[Permissions Required] https://vuldb.com/?ctiid.231090

[Permissions Required] https://vuldb.com/?id.231090

Scores

CVSS v3 3.5

EPSS 0.0039

EPSS Percentile 60.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-400 CWE-89

Status published

Products (2)

com.ruoyi/ruoyi 0Maven

ruoyi/ruoyi < 4.7.7

Published Jun 08, 2023

Tracked Since Feb 18, 2026