CVE-2024-54762

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection.

Related Vulnerabilities

CVE-2005-4349

MEDIUM
CVSS:6.3(Medium)

SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the...

CWE-892005

CVE-2012-3336

MEDIUM
CVSS:6.3(Medium)

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attack...

CWE-892012

CVE-2015-7791

MEDIUM
CVSS:6.3(Medium)

Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column...

CWE-892015

CVE-2016-2301

MEDIUM
CVSS:6.3(Medium)

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CWE-892016

CVE-2016-5939

MEDIUM
CVSS:6.3(Medium)

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the ...

CWE-892016

CVE-2017-1722

MEDIUM
CVSS:6.3(Medium)

IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete inform...

CWE-892017