CVE-2022-23869

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.
References
Link Resource
https://gitee.com/y_project/RuoYi/issues/I4RCO2 Exploit Issue Tracking
Configurations

Configuration 1

cpe:2.3:a:ruoyi:ruoyi:4.7.2:*:*:*:*:*:*:*

Information

Published : 2022-03-30 11:15

Updated : 2022-04-04 07:48


NVD link : CVE-2022-23869

Mitre link : CVE-2022-23869

Products Affected
No products.
CWE