Lostvip-Com Ruoyi Go Vulnerability

MEDIUM (6.3) No Patch (113 days)

Threat Intelligence

Low Risk
EPSS Score: 0.05% chance of exploitation (percentile: 16%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

Lostvip-com ruoyi-go is a web application built using the Go programming language. It's an HR management system used by some organizations for employee management. This vulnerability allows attackers to execute SQL injection attacks on the system, potentially gaining unauthorized access to sensitive data.

Am I affected?

You're affected if you use Lostvip-com ruoyi-go version 2.1 or earlier. If you don't recognize this software, you're probably not affected. Check with your IT department if your organization uses Lostvip-com ruoyi-go. Version info: Not specified in the advisory.

Affected Packages

go: github.com/on-theway/ruoyi-go

How to fix

Upgrade to Lostvip-com ruoyi-go version 2.2 or later.

Immediate mitigations:
- Restrict network access to your Lostvip-com ruoyi-go instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation