CVE-2025-15493

A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack remotely. The exploit h...

CVE-2025-15493

Summary: RainyGao DocSys

CVE-2025-15493 RainyGao DocSys ReposAuthMapper.xml sql injection

A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack remotely. The exploit h...

github docs 安全漏洞

github docs is a software application. A security vulnerability exists in github docs version 2.02.36 and earlier, which stems from an incorrect manipulation of the parameter searchWord in the file src/com/DocSystem/mapping/ReposAuthMapper.xml, which could lead to an SQL injection attack...

PT-2026-1772

Name of the Vulnerable Software and Affected Versions RainyGao DocSys versions up to 2.02.36 Description A flaw exists in RainyGao DocSys that allows for SQL injection. The issue is located in an unknown function within the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Manipulating the...

PT-2026-1771

Name of the Vulnerable Software and Affected Versions RainyGao DocSys versions through 2.02.36 Description A flaw exists in RainyGao DocSys that allows for SQL injection. The issue is located in the file src/com/DocSystem/mapping/GroupMemberMapper.xml within an unknown function. Manipulating the...

EUVD-2025-33886

A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vend...

CVE-2025-11631

A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

CVE-2025-11630

A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument path results in path traversal. The attack can be initiated remotely. The exploit has been made...

CVE-2025-11631 RainyGao DocSys deleteDoc.do path traversal

A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

CVE-2025-11629

A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vend...

CVE-2025-11629 RainyGao DocSys getUserList.do getUserList sql injection

A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vend...

MxsDoc 路径遍历漏洞

MxsDoc is a web-based document management system from Rainy Open Source. A path traversal vulnerability exists in MxsDoc version 2.02.36 and earlier, which stems from a misuse of the path parameter in the file /Doc/deleteDoc.do, which could lead to a path traversal attack...