| Description: | | Ruoyi Management system is an open source project based on Java Spring Boot framework, designed to provide a simple to use, feature-rich management system solution. RuoYi management system has an arbitrary file download vulnerability. The vulnerability is due to the fact that RuoYi management system can modify the root directory parameters of file download by adding specific scheduled tasks, and then directly concatenate the path passed by the user with the local path, resulting in an attacker can download any file. This rule is used to detect suspicious behavior when setting the Profile root through the ruoYiConfig.setProfile method. |