CVE-2025-66916
π¨ CRITICALThe snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing...
Description
Request Expert ReviewThe snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing.
CVSS Scores
References
Additional Information
- Source
- cve@mitre.org
- State
- Awaiting analysis
Related CVEs
CVE-2026-1139
HIGHA vulnerability has been found in UTT θΏε 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The...
CVE-2026-1138
HIGHA flaw has been found in UTT θΏε 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can...
CVE-2026-1137
HIGHA vulnerability was detected in UTT θΏε 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig....
CVE-2026-1136
LOWA weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bCont...
CVE-2026-1135
MEDIUMA security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. T...
CVE-2026-1134
MEDIUMA vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The ma...
Share CVE-2025-66916
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2025-66916 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!