CVE-2022-4511

The CVE-2022-4511 entry pertains to RainyGao DocSys. The vulnerability affects the component com.DocSystem.controller.UserController#getUserImg and enables a path traversal via ../filedir. It is described as remote-exploitable and classified as critical/high impact across multiple sources, with e...

CVE-2022-4402

CVE-2022-4402 affects RainyGao DocSys 2.02.37, specifically the ZIP File Decompression Handler. The issue is a path traversal vulnerability triggered by using "../filedir" that can be exploited remotely. Multiple sources confirm the exploit has been publicly disclosed, and the vulnerability is la...

CVE-2025-11630

RainyGao DocSys (versions up to 2.02.36) is affected by a path traversal in the File Upload component. The vulnerability is in the function updateRealDoc within /Doc/uploadDoc.do, triggered by manipulating the path parameter. It is remotely exploitable and the exploit is public. Several sources c...

CVE-2025-11631

Affected software : RainyGao DocSys up to 2.02.36. Vulnerability : path traversal in the file /Doc/deleteDoc.do via manipulation of the path parameter. Impact : potential for unauthorized file system access; described as remote, with prior public exploit. Multiple connected sources corroborate th...

CVE-2025-15493

Summary: RainyGao DocSys

CVE-2025-11629

RainyGao DocSys up to version 2.02.36 contains a SQL injection in the getUserList function (/Manage/getUserList.do). The vulnerability allows remote exploitation; exploit information has been disclosed publicly. Multiple sources (Red Hat, EU ENISA, CVE records, and PT Security) consistently ident...

CVE-2025-15492

RainyGao DocSys 2.02.36 and earlier contains a SQL injection in GroupMemberMapper.xml (unknown function) where manipulating the searchWord parameter enables remote exploitation. Public exploit exists; vendor not responding to disclosures. Affected component: src/com/DocSystem/mapping/GroupMemberM...

CVE-2025-15494

RainyGao DocSys