Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2022-23869

Disclosure Date: March 30, 2022 (last updated February 23, 2025)
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0