CVE-2025-10218 | lostvip-com ruoyi-go 2.1 Background Management Page SysRoleDao.go SelectListPage sortName sql injection

A vulnerability, which was classified as critical, has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the argument sortName causes sql injection.

This vulnerability is registered as CVE-2025-10218. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10218 | lostvip-com ruoyi-go 2.1 Background Management Page SysRoleDao.go SelectListPage sortName sql injection

Post correlati

CVE-2024-25521 | RuvarOA 6.01/12.01 get_company.aspx txt_keyword sql injection

CVE-2023-41171 | NetScout nGeniusONE 6.3.4 Build 2298 cross site scripting

CVE-2025-5008 | projectworlds Online Time Table Generator 1.0 /admin/add_teacher.php sql injection

CVE-2025-0700 | JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d /admin/sys/log/list logId sql injection