Unrated severityOSV Advisory· Published Dec 23, 2025· Updated Dec 23, 2025

CVE-2024-57521

Description

SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.

Affected products

Yangzongzhuan/RuoyiOSV
Range: v2.2, v2.3, v2.4, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gitee.com/y_project/RuoYi/commit/ddd858ca732618a472b10eaab2f8e4b45812ffc5mitre
gitee.com/y_project/RuoYi/issues/IBC976mitre
github.com/mrlihd/CVE-2024-57521-SQL-Injection-PoC/blob/main/README.mdmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000