CVE-2025-9413 lostvip-com ruoyi-go system_router.go SelectListByPage sql injection

A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/systemrouter.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-9413

CVE-2025-9413 affects lostvip-com ruoyi-go up to version 2.1. The vulnerability is in the function SelectListByPage (modules/system/system_router.go), where manipulation of the arguments orderByColumn and isAsc enables SQL injection. The issue can be triggered remotely; a public exploit has been ...

CVE-2025-9413 lostvip-com ruoyi-go system_router.go SelectListByPage sql injection

A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/systemrouter.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remotely. The exploit has been published and may ...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the SelectPageList function in the LoginInforService.go file when handling the isAsc argument. An attacker can execute unauthorized SQL commands by supplying crafted input remotely. Remediation There is no fixed versio...

CVE-2025-9412 lostvip-com ruoyi-go DictDataDao.go SelectListByPage sql injection

A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public a...

CVE-2025-9411

A security vulnerability has been detected in lostvip-com ruoyi-go up to 2.1. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. The manipulation of the argument isAsc leads to sql injection. The attack can be initiated remotely. The explo...

CVE-2025-9410

A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It is possible to launch the attack remotely...

CVE-2025-9411

CVE-2025-9411 affects lostvip-com ruoyi-go up to version 2.1. The vulnerability is in the SelectPageList function of modules/system/service/LoginInforService.go, where manipulation of the isAsc argument enables SQL injection. Exploitation is remote and has been publicly disclosed; multiple source...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the SelectListByPage function in the GenTableDao.go file. An attacker can access or modify sensitive data, or disrupt application functionality by manipulating the isAsc or orderByColumn arguments in crafted requests...

CVE-2025-9410 lostvip-com ruoyi-go GenTableDao.go SelectListByPage sql injection

A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It is possible to launch the attack remotely...

PT-2025-34684 · Ruoyi-Go · Ruoyi-Go

Name of the Vulnerable Software and Affected Versions: ruoyi-go versions up to 2.1 Description: A weakness exists in the SelectListByPage function of the modules/system/dao/GenTableDao.go file. Manipulation of the isAsc/orderByColumn argument can lead to SQL injection. This issue is potentially...

ruoyi-go 安全漏洞

ruoyi-go is a backend management system for individual developers at lostvip.com. A security vulnerability exists in ruoyi-go 2.1 and earlier versions, which originates from the improper handling of the isAsc parameter in the SelectPageList function in the file...

PT-2025-34687 · Lostvip Com · Ruoyi-Go

Name of the Vulnerable Software and Affected Versions: lostvip-com ruoyi-go versions up to 2.1 Description: A security issue exists in the SelectPageList function within the modules/system/service/LoginInforService.go file. Manipulation of the isAsc argument can lead to SQL injection. This issue ...

PT-2025-34697 · Ruoyi-Go · Ruoyi-Go

Name of the Vulnerable Software and Affected Versions: ruoyi-go versions up to 2.1 Description: A flaw has been found in the SelectListByPage function of the modules/system/system router.go file. Manipulation of the orderByColumn and isAsc arguments can lead to SQL injection. The attack may be...

PT-2025-34690 · Ruoyi-Go · Ruoyi-Go

Name of the Vulnerable Software and Affected Versions: ruoyi-go versions up to 2.1 Description: A vulnerability exists in the SelectListByPage function within the modules/system/dao/DictDataDao.go file. Manipulation of the orderByColumn and isAsc arguments can lead to SQL injection. This issue is...

SUSE CVE-2025-38629

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2inputselectctlinfo sets up the string arrays allocated via kasprintf, but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing check in the AuthRequestRepository, which is exploitable via the "select account" page. An attacker can determine whether specific userIDs exist by observing responses to...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing check in the AuthRequestRepository, which is exploitable via the "select account" page. An attacker can determine whether specific userIDs exist by observing responses to...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing check in the AuthRequestRepository, which is exploitable via the "select account" page. An attacker can determine whether specific userIDs exist by observing responses to...

CVE-2025-38629

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2inputselectctlinfo sets up the string arrays allocated via kasprintf, but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check...