CVE-2025-15493 | RainyGao DocSys up to 2.02.36 ReposAuthMapper.xml searchWord sql injection

Inserito da Angelo Barbosa | Gen 9, 2026 | CVE

A vulnerability classified as critical was found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection.

This vulnerability is registered as CVE-2025-15493. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15493 | RainyGao DocSys up to 2.02.36 ReposAuthMapper.xml searchWord sql injection

Post correlati

CVE-2024-37099 | Liquid Web GiveWP Plugin up to 3.14.1 on WordPress deserialization

CVE-2023-5749 | EmbedPress Plugin up to 3.9.1 on WordPress cross site scripting (daac-3899-4169)

CVE-2023-27150 | openCRX 5.2.0 Manage Activity Name cross site scripting

CVE-2025-14777 | Keycloak on Red Hat Admin API Endpoint authentication bypass by alternate name