Description
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId
Exploits
No known exploits found for this CVE.
Search Exploit-DBReferences
cve@mitre.org
https://github.com/yangzongzhuan/RuoYi134c704f-9b21-4f2e-91b3-4a467353bcc0
https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md