CVE-2025-9413 | lostvip-com ruoyi-go up to 2.1 system_router.go SelectListByPage orderByColumn/isAsc sql injection

Inserito da Angelo Barbosa | Ago 25, 2025 | CVE

A vulnerability identified as critical has been detected in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/system_router.go. This manipulation of the argument orderByColumn/isAsc causes sql injection.

This vulnerability appears as CVE-2025-9413. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9413 | lostvip-com ruoyi-go up to 2.1 system_router.go SelectListByPage orderByColumn/isAsc sql injection

Post correlati

CVE-2025-40722 | Flatboard Pro up to 3.2.1 /config.php/tags replace cross site scripting

CVE-2024-36264 | Apache Submarine Commons Utils 0.8.0 improper authentication

CVE-2025-8772 | Vinades NukeViet up to 4.5.06 Module index.php?language=en&nv=upload server-side request forgery

CVE-2023-49570 | Bitdefender Total Security prior 27.0.25.115. HTTPS Scanning certificate validation