RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module
Moderate severity
GitHub Reviewed
Published
Jul 14, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Jul 13, 2022
Published to the GitHub Advisory Database
Jul 14, 2022
Reviewed
Jul 15, 2022
Last updated
Jan 27, 2023
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.
References