CVE-2022-32065

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maven/com.ruoyi/ruoyi

Identifiers

GHSA-6w2f-6wq3-rjvf, CVE-2022-32065

Package Slug

maven/com.ruoyi/ruoyi

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.

Affected Versions

All versions before 4.7.4

Solution

Upgrade to version 4.7.4 or above.

Last Modified

2022-07-24
