CVE-2023-27025

Published: Apr 2, 2023Modified: Feb 18, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.

Affected (1)

Products: Ruoyi: Ruoyi

Ruoyi

1 product

Ruoyi

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ruoyi Ruoyi	Up to 4.7.6

Related CWEs

CWE-494

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (4)

https://gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02b0

Source: cve@mitre.org

Permissions Required

https://gitee.com/y_project/RuoYi/issues/I697Q5

Source: cve@mitre.org

ExploitIssue Tracking

https://gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02b0

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://gitee.com/y_project/RuoYi/issues/I697Q5

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

Timeline

No history available yet.