Search Results | AttackerKB

Show filters

Clear All

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

2 Total Results

Displaying 1-2 of 2

Attacker Value

Unknown

CVE-2022-23869

Disclosure Date: March 30, 2022 (last updated February 23, 2025)

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.

Attacker Value

Unknown

CVE-2022-23868

Disclosure Date: March 30, 2022 (last updated February 23, 2025)

RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file.

Attack Vector: Local Privileges: None User Interaction: Required

2 Total Results

Displaying 1-2 of 2

Unknown

CVE-2022-23869

Unknown

CVE-2022-23868

Quick Cookie Notification