PT-2026-42935 · Yangzongzhuan · Ruoyi-Vue
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
yangzongzhuan RuoYi-Vue versions prior to 3.9.3
Description
A flaw in the Common Upload Endpoint component allows for unrestricted file upload. This issue occurs within the
FileUploadUtils.upload() function located in the '/common/upload' endpoint and can be exploited remotely through manipulation.Recommendations
Update to a version later than 3.9.2.
As a temporary workaround, restrict access to the '/common/upload' endpoint or disable the
FileUploadUtils.upload() function until a patch is applied.Fix
Unrestricted File Upload
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ruoyi-Vue