5 matches found
CVE-2025-11629
RainyGao DocSys up to version 2.02.36 contains a SQL injection in the getUserList function (/Manage/getUserList.do). The vulnerability allows remote exploitation; exploit information has been disclosed publicly. Multiple sources (Red Hat, EU ENISA, CVE records, and PT Security) consistently ident...
CVE-2022-30359
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with all registered users, including user ID, status, email address, roles, user type, license type,...
OvalEdge Security Vulnerability
OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which originates from a GET request to /user/getUserList and can result ...
PT-2024-11557 · Ovaledge · Ovaledge
Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue is a Sensitive Data Exposure vulnerability that can be exploited via a GET request to "/user/getUserList". Authentication is required to exploit this issue. The disclosed informatio...
PT-2023-13744 · Rawchen · Rawchen Blog-Ssm
Name of the Vulnerable Software and Affected Versions: Rawchen blog-ssm version 1.0 Description: An issue was discovered that allows an attacker to obtain sensitive user information by bypassing permission checks via the "adminGetUserList" component, specifically through the "/adminGetUserList" A...