Home

Description

SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.

PUBLISHED Reserved 2025-01-09 | Published 2025-12-23 | Updated 2025-12-23 | Assigner mitre

References

gitee.com/...commit/ddd858ca732618a472b10eaab2f8e4b45812ffc5

gitee.com/y_project/RuoYi/issues/IBC976

github.com/mrlihd/Ruoyi-4.7.9-SQL-Injection-PoC

github.com/...24-57521-SQL-Injection-PoC/blob/main/README.md

cve.org (CVE-2024-57521)

nvd.nist.gov (CVE-2024-57521)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.