PT-2022-21085 · Ruoyi · Ruoyi

Solarpeng502

Published

2022-07-13

Updated

2022-07-26

CVE-2022-32065

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions RuoYi versions prior to 4.7.3

Description An arbitrary file upload vulnerability in the background management module allows attackers to execute arbitrary code via a crafted HTML file.

Recommendations For versions prior to 4.7.3, update to a version that contains a fix for this issue to prevent arbitrary code execution. As a temporary workaround, consider restricting access to the background management module to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434CWE-79

Related Identifiers

CVE-2022-32065

GHSA-6W2F-6WQ3-RJVF

Affected Products

Ruoyi

PT-2022-21085 · Ruoyi · Ruoyi

CVE-2022-32065

Weakness Enumeration

Related Identifiers

Affected Products

References · 9