Key Information

Vulnerability Description

Vulnerability Name: Ruoyi 4.7.9 SQL Injection Vulnerability

CVE ID: CVE-2022-4566

Root Cause: Insufficient SQL keyword validation in the file . Attackers can bypass regular expressions by using (invisible character) as a space substitute, leading to SQL injection.

Proof of Concept (PoC)

1. Log in with admin account
2. Send createTable request
   - TRUE query:
   - FALSE query:

Remediation Suggestions

- Filter character
- Filter instead of (without space)

Discussion Details

Fix Issue: SQL injection caused by bypassing regex via .

Reproduction Issue: When sending requests in Burp Suite, copying to browser triggers additional , which may inadvertently exploit the vulnerability.

PoC Script: Successfully tested; PoC script provided to retrieve database version.

PR Submission: Patch submitted for version
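
The root cause and the two remediation suggestions above, as an added Java example that is not RuoYi's code or the reporter's PoC: a hypothetical deny-list that requires a literal space after each keyword, beside a check that folds blank and invisible characters to a space and matches keywords on word boundaries. The keyword list and the sample characters (tab, no-break space, zero-width space) are assumptions, since the report does not show the regex or name the character.

```java
import java.util.regex.Pattern;

public class KeywordFilterDemo {
    // Hypothetical deny-list (not RuoYi's): each keyword must be followed by U+0020.
    static final Pattern WEAK =
        Pattern.compile("(select |union |drop |delete )", Pattern.CASE_INSENSITIVE);

    // Hardened: keywords matched on word boundaries, no trailing space required.
    static final Pattern KEYWORD =
        Pattern.compile("\\b(select|union|drop|delete)\\b", Pattern.CASE_INSENSITIVE);

    // Unicode separators (Z), control characters (Cc) and format characters (Cf):
    // everything that renders blank or invisible, including tab and newline.
    static final Pattern BLANKS = Pattern.compile("[\\p{Z}\\p{Cc}\\p{Cf}]");

    static boolean weakRejects(String sql) {
        return WEAK.matcher(sql).find();
    }

    static boolean hardenedRejects(String sql) {
        // Fold every blank or invisible character to a plain space first, so the
        // keyword check always runs on text with one canonical separator.
        String normalized = BLANKS.matcher(sql).replaceAll(" ");
        return KEYWORD.matcher(normalized).find();
    }

    public static void main(String[] args) {
        // Constructed inputs; tab, NBSP and zero-width space are stand-ins for the
        // character the report leaves unnamed.
        String[][] samples = {
            {"benign DDL",       "create table selection_log (id int)"},
            {"plain space",      "select 1"},
            {"tab",              "select\t1"},
            {"no-break space",   "select\u00a01"},
            {"zero-width space", "select\u200b1"},
        };
        for (String[] s : samples) {
            System.out.printf("%-17s weak=%-5b hardened=%b%n",
                s[0], weakRejects(s[1]), hardenedRejects(s[1]));
        }
    }
}
```

The weak pattern flags only the plain-space input, while the hardened check flags all four keyword inputs and still accepts the benign `selection_log` statement.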