A vulnerability was found in RuoYi up to 4.6. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation leads to sql injection.

This vulnerability is traded as CVE-2023-49371. The attack needs to be done within the local network. There is no exploit available.