An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user.
Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to mo
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope.
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing m
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to ad
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter
Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.
An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.
Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data.
Page 1+ Next →