CVE-2025-10473 | yangzongzhuan RuoYi up to 4.8.1 Blacklist SqlUtil.java filterKeyword sql injection

Inserito da Angelo Barbosa | Set 15, 2025 | CVE

A vulnerability classified as critical was found in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection.

This vulnerability is cataloged as CVE-2025-10473. The attack may be launched remotely. Furthermore, there is an exploit available.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

CVE-2025-10473 | yangzongzhuan RuoYi up to 4.8.1 Blacklist SqlUtil.java filterKeyword sql injection

Post correlati

CVE-2024-54840 | CyberArk Access Manager Self-Hosted up to 14.3 PVWA Host injection

CVE-2024-22207 | fastify-swagger-ui up to 2.0.x insecure default initialization of resource

CVE-2021-34964 | Foxit PDF Editor 11.0.0.49893 Polygon Annotation use after free (ZDI-21-1195)

CVE-2025-27261 | Ericsson Indoor Connect 8855 up to 2025.Q1 Configuration Data sql injection