Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

yangzongzhuan — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting yangzongzhuan. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Yangzongzhuan is a Chinese web application framework primarily used for building enterprise content management systems and e-commerce platforms. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues. The framework's security posture has been compromised through improper input validation and weak access controls. Notable incidents include a 2020 vulnerability chain allowing attackers to achieve unauthenticated RCE via file upload mechanisms combined with path traversal flaws. Despite patches for its 11 documented CVEs, the framework remains prone to injection-based attacks due to its extensive use of dynamic evaluation functions and insufficient sanitization of user-supplied data.

Top products by yangzongzhuan: RuoYi RuoYi-Vue
CVE IDTitleCVSSSeverityPublished
CVE-2026-4564 yangzongzhuan RuoYi Quartz Job job code injection — RuoYiCWE-94 4.7 Medium2026-03-22
CVE-2025-10989 yangzongzhuan RuoYi selectAll improper authorization — RuoYiCWE-285 6.3 Medium2025-09-26
CVE-2025-10473 yangzongzhuan RuoYi Blacklist SqlUtil.java filterKeyword sql injection — RuoYiCWE-89 6.3 Medium2025-09-15
CVE-2025-10384 yangzongzhuan RuoYi Role cancelAll improper authorization — RuoYiCWE-285 5.4 Medium2025-09-13
CVE-2025-8847 yangzongzhuan RuoYi edit cross site scripting — RuoYiCWE-79 3.5 Low2025-08-11
CVE-2025-7907 yangzongzhuan RuoYi Druid application-druid.yml default credentials — RuoYiCWE-1392 4.3 Medium2025-07-20
CVE-2025-7906 yangzongzhuan RuoYi CommonController.java uploadFile unrestricted upload — RuoYiCWE-434 6.3 Medium2025-07-20
CVE-2025-7903 yangzongzhuan RuoYi Image Source ui layer — RuoYiCWE-1021 4.3 Medium2025-07-20
CVE-2025-7902 yangzongzhuan RuoYi SysNoticeController.java addSave cross site scripting — RuoYiCWE-79 3.5 Low2025-07-20
CVE-2025-7901 yangzongzhuan RuoYi Swagger UI index.html cross site scripting — RuoYiCWE-79 4.3 Medium2025-07-20
CVE-2025-4537 yangzongzhuan RuoYi-Vue Password login.vue sensitive information in a cookie — RuoYi-VueCWE-315 3.1 Low2025-05-11

This page lists every published CVE security advisory associated with yangzongzhuan. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.