CVE-2025-11630 | RainyGao DocSys up to 2.02.36 File Upload /Doc/uploadDoc.do updateRealDoc path path traversal

Inserito da Angelo Barbosa | Ott 11, 2025 | CVE

A vulnerability was found in RainyGao DocSys up to 2.02.36. It has been rated as critical. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument path results in path traversal.

This vulnerability is identified as CVE-2025-11630. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11630 | RainyGao DocSys up to 2.02.36 File Upload /Doc/uploadDoc.do updateRealDoc path path traversal

Post correlati

CVE-2025-4232 | Palo Alto GlobalProtect App up to 6.0.0/6.1.0/6.2.8-h1/6.3.2 Log Collection wildcards or matching symbols

CVE-2023-35123 | Intel OpenBMC prior egs-1.14-0/bhs-0.27 uncaught exception in servlet (intel-sa-01078)

CVE-2024-7185 | TOTOLINK A3600R 4.1.2cu.5182_B20201102 /cgi-bin/cstecgi.cgi setWebWlanIdx webWlanIdx buffer overflow

CVE-2024-7384 | Acyba AcyMailing Plugin up to 9.7.2 on WordPress acym_extractArchive unrestricted upload