CVE-2025-11629 | RainyGao DocSys up to 2.02.36 /Manage/getUserList.do getUserList sql injection

Inserito da Angelo Barbosa | Ott 11, 2025 | CVE

A vulnerability was found in RainyGao DocSys up to 2.02.36. It has been declared as critical. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection.

This vulnerability is referenced as CVE-2025-11629. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11629 | RainyGao DocSys up to 2.02.36 /Manage/getUserList.do getUserList sql injection

Post correlati

CVE-2024-45337 | x-crypto up to 0.30.x on Go ServerConfig.PublicKeyCallback excessive reliance on global variables

CVE-2024-51989 | pglombardo PasswordPusher up to 1.48.0 cross site scripting

CVE-2024-37840 | itsourcecode Learning Management System 1.0 processscore.php LessonID sql injection

CVE-2024-53242 | Siemens Teamcenter Visualization WRL File out-of-bounds (ssa-583523)