CVE-2025-9411 | lostvip-com ruoyi-go up to 2.1 LoginInforService.go SelectPageList isAsc sql injection

Inserito da Angelo Barbosa | Ago 25, 2025 | CVE

A vulnerability was found in lostvip-com ruoyi-go up to 2.1. It has been rated as critical. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. The manipulation of the argument isAsc leads to sql injection.

This vulnerability is documented as CVE-2025-9411. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9411 | lostvip-com ruoyi-go up to 2.1 LoginInforService.go SelectPageList isAsc sql injection

Post correlati

CVE-2024-32352 | Totolink X5000R 9.1.0cu.2350_B20230313 cstecgi.cgi ipsecL2tpEnable Privilege Escalation

CVE-2023-40464 | Sierra Wireless ALEOS up to 4.9.8/4.16 hard-coded key (swi-psa-2023-006)

CVE-2025-20171 | Cisco IOS/IOS XE Software SNMP Subsystem denial of service (cisco-sa-snmp-dos-sdxnSUcW)

CVE-2024-58069 | Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1 Nvmem Interface regmap_read out-of-bounds