Skip to main content

Ruoyi CVE-2022-4566

CRITICAL
Improper Neutralization (CWE-707)
2022-12-16 cna@vuldb.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 16, 2022 - 19:15 nvd
CRITICAL 9.8

DescriptionNVD

A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975.

AnalysisAI

A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-707. A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975. Affected products include: Ruoyi.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Ruoyi

View all
CVE-2025-28412 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeControlle

CVE-2025-28410 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not prop

CVE-2025-28406 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter. Rated critical sev

CVE-2025-28405 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method. Rated critical se

CVE-2025-28402 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter. Rated critical severi

CVE-2023-49371 CRITICAL POC
9.8 Dec 01

RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. Rated critical severity

CVE-2025-70985 CRITICAL POC
9.1 Jan 23

RuoYi v4.8.2 has an access control flaw in the update function allowing unauthorized attackers to modify arbitrary data

CVE-2025-28409 HIGH POC
8.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endp

CVE-2025-28407 HIGH POC
8.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endp

CVE-2025-56396 HIGH POC
8.8 Nov 26

An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department havi

CVE-2022-23868 HIGH POC
7.8 Mar 30

RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. Rated high s

CVE-2025-70986 HIGH POC
7.5 Jan 23

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access

Share

CVE-2022-4566 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy