Zhijiantianya Ruoyi-Vue-Pro Path Traversal Vulnerability in File Upload Interface

Vulnerability

A critical path traversal vulnerability has been identified in Zhijiantianya Ruoyi-Vue-Pro version 2.4.1. The issue arises in the backend file upload interface, specifically within the admin-api/infra/file/upload endpoint. The vulnerability allows for remote exploitation by manipulating the 'path' argument, potentially leading to unauthorized access to the file system.

Impact

Exploitation of this vulnerability allows for path traversal, which could be used to access files outside of the intended directory, potentially leading to the disclosure of sensitive information or further exploitation of the application.
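The containment check that this class of bug calls for, as an added example rather than code from Ruoyi-Vue-Pro or from the advisory: it resolves a client-supplied 'path' value under a fixed upload root and rejects anything that ends up outside it. The class name, method name and storage root are hypothetical, and the sample values are constructed.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

public class UploadPathCheck {
    // Hypothetical storage root (assumption; the advisory does not name one).
    static final Path UPLOAD_ROOT =
            Paths.get("/srv/app/uploads").toAbsolutePath().normalize();

    // Resolve a client-supplied 'path' value under UPLOAD_ROOT. Returns empty
    // when the value is blank, absolute, malformed, or leaves the root.
    static Optional<Path> resolveUploadPath(String clientPath) {
        if (clientPath == null || clientPath.isBlank()
                || clientPath.indexOf('\0') >= 0) {
            return Optional.empty();
        }
        // Treat '\' as a separator as well, so "..\" is handled on any host OS.
        String unified = clientPath.replace('\\', '/');
        if (unified.startsWith("/")) {
            return Optional.empty();
        }
        try {
            Path requested = Paths.get(unified);
            if (requested.isAbsolute()) {
                return Optional.empty();
            }
            // normalize() collapses "." and ".." lexically; Path.startsWith
            // compares whole components, so "/srv/app/uploads-old" is not a match.
            Path target = UPLOAD_ROOT.resolve(requested).normalize();
            if (!target.startsWith(UPLOAD_ROOT) || target.equals(UPLOAD_ROOT)) {
                return Optional.empty();
            }
            return Optional.of(target);
        } catch (InvalidPathException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values for the 'path' argument.
        String[] samples = {"avatars/u1.png", "a/./b/../c.txt", "../../etc/passwd",
                "a/../../b.txt", "/etc/cron.d/job", "..\\..\\conf\\app.yml"};
        for (String s : samples) {
            System.out.println(s + " -> "
                    + resolveUploadPath(s).map(Path::toString).orElse("REJECTED"));
        }
    }
}
```

The check is lexical and does not follow symbolic links; where the storage directory may contain links, compare the real path of the target's parent directory (Path.toRealPath) against the root as well.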

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 3.3
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.