CVE-2025-9412 | lostvip-com ruoyi-go up to 2.1 DictDataDao.go SelectListByPage orderByColumn/isAsc sql injection

Inserito da Angelo Barbosa | Ago 25, 2025 | CVE

A vulnerability categorized as critical has been discovered in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection.

This vulnerability is reported as CVE-2025-9412. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9412 | lostvip-com ruoyi-go up to 2.1 DictDataDao.go SelectListByPage orderByColumn/isAsc sql injection

Post correlati

CVE-2021-22509 | OpenText NetIQ Advance Authentication up to 6.3.5.0 cleartext storage

CVE-2024-51053 | AVSCMS 8.2.0 /main/fileupload.php unrestricted upload

CVE-2024-38869 | Zoho ManageEngine ServiceDesk Plus cross site scripting

CVE-2024-8304 | jpress up to 5.1.1 Template Module /admin/template/edit path traversal (Issue 189)