CVE-2025-7906

by Fred · 20/07/2025

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Assigner : cna@vuldb.com

More information : https://github.com/yangzongzhuan/RuoYi/issues/296

CVE-2025-7906

Similar

Recent Posts

Categories

CVE-2025-7906

Share this:

Similar

Recent Posts

Categories

Tags