SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.
You're affected if you use RuoYi v.4.7.9 or earlier. The advisory gives no more specific version information.
See the GitHub issue/commit: https://github.com/mrlihd/CVE-2024-57521-SQL-Injection-PoC/blob/main/README.md
As an immediate mitigation, restrict network access to affected systems if possible.