PT-2026-1772 · Unknown · Rainygao Docsys

Xkalami

Publicado

2026-01-09

Atualizado

2026-01-22

CVE-2025-15493

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RainyGao DocSys versions up to 2.02.36

Description A flaw exists in RainyGao DocSys that allows for SQL injection. The issue is located in an unknown function within the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Manipulating the searchWord argument can trigger the SQL injection. The attack can be launched remotely. An exploit for this issue has been published. The vendor was notified but did not respond.

Recommendations Versions prior to 2.02.36 should be updated. As a temporary workaround, consider restricting or disabling the functionality related to the searchWord argument in the affected file src/com/DocSystem/mapping/ReposAuthMapper.xml until a patch is available.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2025-15493

Produtos afetados

Rainygao Docsys

PT-2026-1772 · Unknown · Rainygao Docsys

CVE-2025-15493

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10