Headline
GHSA-6w2f-6wq3-rjvf: RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.
RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module
High severity GitHub Reviewed Published Jul 14, 2022 • Updated Jul 15, 2022
Related news
CVE-2022-32065: Vulnerability: The html file can be uploaded where the avatar is uploaded, and its content not be filtered, which resulting in stored XSS in Ruoyi cms · Issue #118 · yangzongzhuan/RuoYi
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.