RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list.
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL
SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges
Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create.
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler.
A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation
A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn
A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the arg
A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/system_router.go. This manipulation of the argument orderByColumn/isAsc c
A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment l
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability.
qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml.
A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the order
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parame
A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, allo
Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler.
Page 1+ Next →