Zhijiantianya Ruoyi-Vue-Pro Path Traversal Vulnerability in Material Upload Interface

Vulnerability

A critical path traversal vulnerability has been identified in Zhijiantianya Ruoyi-Vue-Pro version 2.4.1. The issue arises in the Material Upload Interface, specifically within the file '/admin-api/mp/material/upload-news-image'. The vulnerability allows remote attackers to manipulate the 'file' argument, potentially leading to arbitrary file deletion.

Impact

Exploitation of this vulnerability allows for arbitrary file deletion on the server, affecting files accessible to the application.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zhijiantianya Ruoyi-Vue-Pro Path Traversal Vulnerability in Material Upload Interface

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating