CVE-2025-9412 | lostvip-com ruoyi-go up to 2.1 DictDataDao.go SelectListByPage orderByColumn/isAsc sql injection

Inserito da Angelo Barbosa | Ago 25, 2025 | CVE

A vulnerability categorized as critical has been discovered in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection.

This vulnerability is reported as CVE-2025-9412. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9412 | lostvip-com ruoyi-go up to 2.1 DictDataDao.go SelectListByPage orderByColumn/isAsc sql injection

Post correlati

CVE-2024-6177 | LG Electronics SuperSign CMS up to 4.3.0 cross site scripting

CVE-2025-0862 | SuperSaaS Plugin up to 2.1.12 on WordPress cross site scripting

CVE-2024-44308 | Apple iOS/iPadOS on Intel Web Content Remote Code Execution

CVE-2025-48828 | vBulletin 6.0.3 Template improper protection of alternate path