CVE-2024-54762

MEDIUM

ruoyi < 4.7.9 - Authenticated SQL Injection via filterKeyword Method

Description

Ruoyi v.4.7.9 and earlier contain an authenticated SQL injection vulnerability. The filterKeyword method does not completely filter SQL injection keywords, which leaves a risk of SQL injection.

Scores

CVSS v3: 6.3
EPSS: 0.0025
EPSS Percentile: 16.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1): ruoyi/ruoyi < 4.7.9
Published: Jan 09, 2025
Tracked Since: Feb 18, 2026