5 matches found
CVE-2025-28407
creationtimestamp| type| source ---|---|--- 2025-04-07 17:12:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmahf5noat2q 2025-04-07 18:44:54+00:00| seen| https://t.me/cvedetector/22328 2025-04-08 19:47:30+00:00| published-proof-of-concept|...
CVE-2025-28407
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/dictId endpoint does not properly validate whether the requesting user has permission to modify the specified dictId...
CVE-2025-28407
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/dictId endpoint does not properly validate whether the requesting user has permission to modify the specified dictId...
CVE-2025-28407
CVE-2025-28407 affects RUoYi v4.8.0. A remote attacker can escalate privileges through the /edit/{dictId} endpoint due to insufficient permission validation on dictId modification. The CVE indicates high impact (CVSS 3.1: 8.8, Network/Low complexity, Privileges Required: Low, User Interaction: No...
CVE-2025-28407
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/dictId endpoint does not properly validate whether the requesting user has permission to modify the specified dictId...