9 vulnerabilities by RainyGao
CVE-2025-15494 (GCVE-0-2025-15494)
Vulnerability from cvelistv5 – Published: 2026-01-09 16:32 – Updated: 2026-01-09 18:37
Title
RainyGao DocSys UserMapper.xml sql injection
Summary
A SQL injection vulnerability has been found in RainyGao DocSys up to and including version 2.02.37. It affects an unspecified function in the file com/DocSystem/mapping/UserMapper.xml: manipulating the Username argument leads to SQL injection. The attack can be initiated remotely. An exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
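Severity: MEDIUM (CVSS 4.0 base score 5.3; CVSS 3.1 and 3.0 base score 6.3; CVSS 2.0 base score 6.5). Every listed vector requires a low-privileged account (PR:L; Au:S in CVSS 2.0).
Assigner: VulDB
References
| URL | Tags |
|---|---|
| https://vuldb.com/?id.340272 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.340272 | signature, permissions-required |
| https://vuldb.com/?submit.725407 | third-party-advisory |
| https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A52.02.37.md | related |
| https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A52.02.37.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0 | exploit |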
Impacted products
| Vendor | Product | Version |
|---|---|---|
| RainyGao | DocSys | Affected: 2.02.0, 2.02.1, 2.02.2, 2.02.3, 2.02.4, 2.02.5, 2.02.6, 2.02.7, 2.02.8, 2.02.9, 2.02.10, 2.02.11, 2.02.12, 2.02.13, 2.02.14, 2.02.15, 2.02.16, 2.02.17, 2.02.18, 2.02.19, 2.02.20, 2.02.21, 2.02.22, 2.02.23, 2.02.24, 2.02.25, 2.02.26, 2.02.27, 2.02.28, 2.02.29, 2.02.30, 2.02.31, 2.02.32, 2.02.33, 2.02.34, 2.02.35, 2.02.36, 2.02.37 |
Credits
xkalami (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15494",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T17:47:25.132354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T18:37:05.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A52.02.37.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A52.02.37.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DocSys",
"vendor": "RainyGao",
"versions": [
{
"status": "affected",
"version": "2.02.0"
},
{
"status": "affected",
"version": "2.02.1"
},
{
"status": "affected",
"version": "2.02.2"
},
{
"status": "affected",
"version": "2.02.3"
},
{
"status": "affected",
"version": "2.02.4"
},
{
"status": "affected",
"version": "2.02.5"
},
{
"status": "affected",
"version": "2.02.6"
},
{
"status": "affected",
"version": "2.02.7"
},
{
"status": "affected",
"version": "2.02.8"
},
{
"status": "affected",
"version": "2.02.9"
},
{
"status": "affected",
"version": "2.02.10"
},
{
"status": "affected",
"version": "2.02.11"
},
{
"status": "affected",
"version": "2.02.12"
},
{
"status": "affected",
"version": "2.02.13"
},
{
"status": "affected",
"version": "2.02.14"
},
{
"status": "affected",
"version": "2.02.15"
},
{
"status": "affected",
"version": "2.02.16"
},
{
"status": "affected",
"version": "2.02.17"
},
{
"status": "affected",
"version": "2.02.18"
},
{
"status": "affected",
"version": "2.02.19"
},
{
"status": "affected",
"version": "2.02.20"
},
{
"status": "affected",
"version": "2.02.21"
},
{
"status": "affected",
"version": "2.02.22"
},
{
"status": "affected",
"version": "2.02.23"
},
{
"status": "affected",
"version": "2.02.24"
},
{
"status": "affected",
"version": "2.02.25"
},
{
"status": "affected",
"version": "2.02.26"
},
{
"status": "affected",
"version": "2.02.27"
},
{
"status": "affected",
"version": "2.02.28"
},
{
"status": "affected",
"version": "2.02.29"
},
{
"status": "affected",
"version": "2.02.30"
},
{
"status": "affected",
"version": "2.02.31"
},
{
"status": "affected",
"version": "2.02.32"
},
{
"status": "affected",
"version": "2.02.33"
},
{
"status": "affected",
"version": "2.02.34"
},
{
"status": "affected",
"version": "2.02.35"
},
{
"status": "affected",
"version": "2.02.36"
},
{
"status": "affected",
"version": "2.02.37"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xkalami (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T16:32:08.806Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-340272 | RainyGao DocSys UserMapper.xml sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.340272"
},
{
"name": "VDB-340272 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.340272"
},
{
"name": "Submit #725407 | https://github.com/RainyGao-GitHub/DocSys/releases/tag/DocSys_V2 RainyGao-GitHub 2.02.37 SQL injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.725407"
},
{
"tags": [
"related"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A52.02.37.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A52.02.37.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-09T12:36:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "RainyGao DocSys UserMapper.xml sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15494",
"datePublished": "2026-01-09T16:32:08.806Z",
"dateReserved": "2026-01-09T11:30:47.602Z",
"dateUpdated": "2026-01-09T18:37:05.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15493 (GCVE-0-2025-15493)
Vulnerability from cvelistv5 – Published: 2026-01-09 16:32 – Updated: 2026-01-09 18:37
Title
RainyGao DocSys ReposAuthMapper.xml sql injection
Summary
A SQL injection flaw has been found in RainyGao DocSys up to and including version 2.02.36. It affects an unspecified function in the file src/com/DocSystem/mapping/ReposAuthMapper.xml: manipulating the searchWord argument can lead to SQL injection. The attack can be launched remotely. An exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
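Severity: MEDIUM (CVSS 4.0 base score 5.3; CVSS 3.1 and 3.0 base score 6.3; CVSS 2.0 base score 6.5). Every listed vector requires a low-privileged account (PR:L; Au:S in CVSS 2.0).
Assigner: VulDB
References
| URL | Tags |
|---|---|
| https://vuldb.com/?id.340271 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.340271 | signature, permissions-required |
| https://vuldb.com/?submit.725374 | third-party-advisory |
| https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md | related |
| https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0 | exploit |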
Impacted products
| Vendor | Product | Version |
|---|---|---|
| RainyGao | DocSys | Affected: 2.02.0, 2.02.1, 2.02.2, 2.02.3, 2.02.4, 2.02.5, 2.02.6, 2.02.7, 2.02.8, 2.02.9, 2.02.10, 2.02.11, 2.02.12, 2.02.13, 2.02.14, 2.02.15, 2.02.16, 2.02.17, 2.02.18, 2.02.19, 2.02.20, 2.02.21, 2.02.22, 2.02.23, 2.02.24, 2.02.25, 2.02.26, 2.02.27, 2.02.28, 2.02.29, 2.02.30, 2.02.31, 2.02.32, 2.02.33, 2.02.34, 2.02.35, 2.02.36 |
Credits
xkalami (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T17:47:33.207334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T18:37:10.665Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DocSys",
"vendor": "RainyGao",
"versions": [
{
"status": "affected",
"version": "2.02.0"
},
{
"status": "affected",
"version": "2.02.1"
},
{
"status": "affected",
"version": "2.02.2"
},
{
"status": "affected",
"version": "2.02.3"
},
{
"status": "affected",
"version": "2.02.4"
},
{
"status": "affected",
"version": "2.02.5"
},
{
"status": "affected",
"version": "2.02.6"
},
{
"status": "affected",
"version": "2.02.7"
},
{
"status": "affected",
"version": "2.02.8"
},
{
"status": "affected",
"version": "2.02.9"
},
{
"status": "affected",
"version": "2.02.10"
},
{
"status": "affected",
"version": "2.02.11"
},
{
"status": "affected",
"version": "2.02.12"
},
{
"status": "affected",
"version": "2.02.13"
},
{
"status": "affected",
"version": "2.02.14"
},
{
"status": "affected",
"version": "2.02.15"
},
{
"status": "affected",
"version": "2.02.16"
},
{
"status": "affected",
"version": "2.02.17"
},
{
"status": "affected",
"version": "2.02.18"
},
{
"status": "affected",
"version": "2.02.19"
},
{
"status": "affected",
"version": "2.02.20"
},
{
"status": "affected",
"version": "2.02.21"
},
{
"status": "affected",
"version": "2.02.22"
},
{
"status": "affected",
"version": "2.02.23"
},
{
"status": "affected",
"version": "2.02.24"
},
{
"status": "affected",
"version": "2.02.25"
},
{
"status": "affected",
"version": "2.02.26"
},
{
"status": "affected",
"version": "2.02.27"
},
{
"status": "affected",
"version": "2.02.28"
},
{
"status": "affected",
"version": "2.02.29"
},
{
"status": "affected",
"version": "2.02.30"
},
{
"status": "affected",
"version": "2.02.31"
},
{
"status": "affected",
"version": "2.02.32"
},
{
"status": "affected",
"version": "2.02.33"
},
{
"status": "affected",
"version": "2.02.34"
},
{
"status": "affected",
"version": "2.02.35"
},
{
"status": "affected",
"version": "2.02.36"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xkalami (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T16:32:06.558Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-340271 | RainyGao DocSys ReposAuthMapper.xml sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.340271"
},
{
"name": "VDB-340271 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.340271"
},
{
"name": "Submit #725374 | https://github.com/RainyGao-GitHub/DocSys/releases/tag/DocSys_V2 RainyGao-GitHub 2.02.36 SQL injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.725374"
},
{
"tags": [
"related"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-09T12:36:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "RainyGao DocSys ReposAuthMapper.xml sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15493",
"datePublished": "2026-01-09T16:32:06.558Z",
"dateReserved": "2026-01-09T11:30:44.838Z",
"dateUpdated": "2026-01-09T18:37:10.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15492 (GCVE-0-2025-15492)
Vulnerability from cvelistv5 – Published: 2026-01-09 16:02 – Updated: 2026-01-09 18:38
Title
RainyGao DocSys GroupMemberMapper.xml sql injection
Summary
A SQL injection vulnerability was detected in RainyGao DocSys up to and including version 2.02.36. It affects an unspecified function in the file src/com/DocSystem/mapping/GroupMemberMapper.xml: manipulating the searchWord argument results in SQL injection. The attack can be initiated remotely. An exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
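Severity: MEDIUM (CVSS 4.0 base score 5.3; CVSS 3.1 and 3.0 base score 6.3; CVSS 2.0 base score 6.5). Every listed vector requires a low-privileged account (PR:L; Au:S in CVSS 2.0).
Assigner: VulDB
References
| URL | Tags |
|---|---|
| https://vuldb.com/?id.340270 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.340270 | signature, permissions-required |
| https://vuldb.com/?submit.725373 | third-party-advisory |
| https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A53.md | related |
| https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A53.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0 | exploit |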
Impacted products
| Vendor | Product | Version |
|---|---|---|
| RainyGao | DocSys | Affected: 2.02.0, 2.02.1, 2.02.2, 2.02.3, 2.02.4, 2.02.5, 2.02.6, 2.02.7, 2.02.8, 2.02.9, 2.02.10, 2.02.11, 2.02.12, 2.02.13, 2.02.14, 2.02.15, 2.02.16, 2.02.17, 2.02.18, 2.02.19, 2.02.20, 2.02.21, 2.02.22, 2.02.23, 2.02.24, 2.02.25, 2.02.26, 2.02.27, 2.02.28, 2.02.29, 2.02.30, 2.02.31, 2.02.32, 2.02.33, 2.02.34, 2.02.35, 2.02.36 |
Credits
xkalami (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15492",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T17:49:02.762988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T18:38:08.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A53.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DocSys",
"vendor": "RainyGao",
"versions": [
{
"status": "affected",
"version": "2.02.0"
},
{
"status": "affected",
"version": "2.02.1"
},
{
"status": "affected",
"version": "2.02.2"
},
{
"status": "affected",
"version": "2.02.3"
},
{
"status": "affected",
"version": "2.02.4"
},
{
"status": "affected",
"version": "2.02.5"
},
{
"status": "affected",
"version": "2.02.6"
},
{
"status": "affected",
"version": "2.02.7"
},
{
"status": "affected",
"version": "2.02.8"
},
{
"status": "affected",
"version": "2.02.9"
},
{
"status": "affected",
"version": "2.02.10"
},
{
"status": "affected",
"version": "2.02.11"
},
{
"status": "affected",
"version": "2.02.12"
},
{
"status": "affected",
"version": "2.02.13"
},
{
"status": "affected",
"version": "2.02.14"
},
{
"status": "affected",
"version": "2.02.15"
},
{
"status": "affected",
"version": "2.02.16"
},
{
"status": "affected",
"version": "2.02.17"
},
{
"status": "affected",
"version": "2.02.18"
},
{
"status": "affected",
"version": "2.02.19"
},
{
"status": "affected",
"version": "2.02.20"
},
{
"status": "affected",
"version": "2.02.21"
},
{
"status": "affected",
"version": "2.02.22"
},
{
"status": "affected",
"version": "2.02.23"
},
{
"status": "affected",
"version": "2.02.24"
},
{
"status": "affected",
"version": "2.02.25"
},
{
"status": "affected",
"version": "2.02.26"
},
{
"status": "affected",
"version": "2.02.27"
},
{
"status": "affected",
"version": "2.02.28"
},
{
"status": "affected",
"version": "2.02.29"
},
{
"status": "affected",
"version": "2.02.30"
},
{
"status": "affected",
"version": "2.02.31"
},
{
"status": "affected",
"version": "2.02.32"
},
{
"status": "affected",
"version": "2.02.33"
},
{
"status": "affected",
"version": "2.02.34"
},
{
"status": "affected",
"version": "2.02.35"
},
{
"status": "affected",
"version": "2.02.36"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xkalami (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of the argument searchWord results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T16:02:07.110Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-340270 | RainyGao DocSys GroupMemberMapper.xml sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.340270"
},
{
"name": "VDB-340270 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.340270"
},
{
"name": "Submit #725373 | https://github.com/RainyGao-GitHub/DocSys/releases/tag/DocSys_V2 RainyGao-GitHub 2.02.36 SQL injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.725373"
},
{
"tags": [
"related"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A53.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A53.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-09T12:36:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "RainyGao DocSys GroupMemberMapper.xml sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15492",
"datePublished": "2026-01-09T16:02:07.110Z",
"dateReserved": "2026-01-09T11:30:38.788Z",
"dateUpdated": "2026-01-09T18:38:08.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11631 (GCVE-0-2025-11631)
Vulnerability from cvelistv5 – Published: 2025-10-12 08:02 – Updated: 2025-10-17 14:33
Title
RainyGao DocSys deleteDoc.do path traversal
Summary
A path traversal vulnerability was identified in RainyGao DocSys up to and including version 2.02.36. It affects unspecified functionality of the file /Doc/deleteDoc.do: manipulating the path argument can lead to path traversal. The attack can be launched remotely. An exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
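Severity: MEDIUM (CVSS 4.0 base score 5.3; CVSS 3.1 and 3.0 base score 5.4; CVSS 2.0 base score 5.5). Every listed vector requires a low-privileged account (PR:L; Au:S in CVSS 2.0) and rates impact on integrity and availability only.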
CWE
- CWE-22 - Path Traversal
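Assigner: VulDB
References
| URL | Tags |
|---|---|
| https://vuldb.com/?id.328043 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.328043 | signature, permissions-required |
| https://vuldb.com/?submit.664848 | third-party-advisory |
| https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md | exploit |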
Impacted products
| Vendor | Product | Version |
|---|---|---|
| RainyGao | DocSys | Affected: 2.02.0, 2.02.1, 2.02.2, 2.02.3, 2.02.4, 2.02.5, 2.02.6, 2.02.7, 2.02.8, 2.02.9, 2.02.10, 2.02.11, 2.02.12, 2.02.13, 2.02.14, 2.02.15, 2.02.16, 2.02.17, 2.02.18, 2.02.19, 2.02.20, 2.02.21, 2.02.22, 2.02.23, 2.02.24, 2.02.25, 2.02.26, 2.02.27, 2.02.28, 2.02.29, 2.02.30, 2.02.31, 2.02.32, 2.02.33, 2.02.34, 2.02.35, 2.02.36 |
Credits
Tta0 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11631",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:33:27.390652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:33:31.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DocSys",
"vendor": "RainyGao",
"versions": [
{
"status": "affected",
"version": "2.02.0"
},
{
"status": "affected",
"version": "2.02.1"
},
{
"status": "affected",
"version": "2.02.2"
},
{
"status": "affected",
"version": "2.02.3"
},
{
"status": "affected",
"version": "2.02.4"
},
{
"status": "affected",
"version": "2.02.5"
},
{
"status": "affected",
"version": "2.02.6"
},
{
"status": "affected",
"version": "2.02.7"
},
{
"status": "affected",
"version": "2.02.8"
},
{
"status": "affected",
"version": "2.02.9"
},
{
"status": "affected",
"version": "2.02.10"
},
{
"status": "affected",
"version": "2.02.11"
},
{
"status": "affected",
"version": "2.02.12"
},
{
"status": "affected",
"version": "2.02.13"
},
{
"status": "affected",
"version": "2.02.14"
},
{
"status": "affected",
"version": "2.02.15"
},
{
"status": "affected",
"version": "2.02.16"
},
{
"status": "affected",
"version": "2.02.17"
},
{
"status": "affected",
"version": "2.02.18"
},
{
"status": "affected",
"version": "2.02.19"
},
{
"status": "affected",
"version": "2.02.20"
},
{
"status": "affected",
"version": "2.02.21"
},
{
"status": "affected",
"version": "2.02.22"
},
{
"status": "affected",
"version": "2.02.23"
},
{
"status": "affected",
"version": "2.02.24"
},
{
"status": "affected",
"version": "2.02.25"
},
{
"status": "affected",
"version": "2.02.26"
},
{
"status": "affected",
"version": "2.02.27"
},
{
"status": "affected",
"version": "2.02.28"
},
{
"status": "affected",
"version": "2.02.29"
},
{
"status": "affected",
"version": "2.02.30"
},
{
"status": "affected",
"version": "2.02.31"
},
{
"status": "affected",
"version": "2.02.32"
},
{
"status": "affected",
"version": "2.02.33"
},
{
"status": "affected",
"version": "2.02.34"
},
{
"status": "affected",
"version": "2.02.35"
},
{
"status": "affected",
"version": "2.02.36"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tta0 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In RainyGao DocSys up to 2.02.36 ist eine Schwachstelle entdeckt worden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /Doc/deleteDoc.do. Durch das Beeinflussen des Arguments path mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.5,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-12T08:02:06.131Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328043 | RainyGao DocSys deleteDoc.do path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328043"
},
{
"name": "VDB-328043 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328043"
},
{
"name": "Submit #664848 | https://github.com/RainyGao-GitHub/DocSys/ DocSys 2.02.36 Delete any file",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.664848"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-11T15:56:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "RainyGao DocSys deleteDoc.do path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11631",
"datePublished": "2025-10-12T08:02:06.131Z",
"dateReserved": "2025-10-11T13:51:13.753Z",
"dateUpdated": "2025-10-17T14:33:31.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11630 (GCVE-0-2025-11630)
Vulnerability from cvelistv5 – Published: 2025-10-12 07:32 – Updated: 2025-10-17 14:34
Title
RainyGao DocSys File Upload uploadDoc.do updateRealDoc path traversal
Summary
A path traversal vulnerability was found in RainyGao DocSys up to and including version 2.02.36. It affects the function updateRealDoc of the file /Doc/uploadDoc.do in the File Upload component: manipulating the path argument results in path traversal. The attack can be initiated remotely. An exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-22 - Path Traversal
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| RainyGao | DocSys | Affected: 2.02.0, 2.02.1, 2.02.2, 2.02.3, 2.02.4, 2.02.5, 2.02.6, 2.02.7, 2.02.8, 2.02.9, 2.02.10, 2.02.11, 2.02.12, 2.02.13, 2.02.14, 2.02.15, 2.02.16, 2.02.17, 2.02.18, 2.02.19, 2.02.20, 2.02.21, 2.02.22, 2.02.23, 2.02.24, 2.02.25, 2.02.26, 2.02.27, 2.02.28, 2.02.29, 2.02.30, 2.02.31, 2.02.32, 2.02.33, 2.02.34, 2.02.35, 2.02.36 |
Credits
Tta0 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11630",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:34:13.117647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:34:15.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"File Upload"
],
"product": "DocSys",
"vendor": "RainyGao",
"versions": [
{
"status": "affected",
"version": "2.02.0"
},
{
"status": "affected",
"version": "2.02.1"
},
{
"status": "affected",
"version": "2.02.2"
},
{
"status": "affected",
"version": "2.02.3"
},
{
"status": "affected",
"version": "2.02.4"
},
{
"status": "affected",
"version": "2.02.5"
},
{
"status": "affected",
"version": "2.02.6"
},
{
"status": "affected",
"version": "2.02.7"
},
{
"status": "affected",
"version": "2.02.8"
},
{
"status": "affected",
"version": "2.02.9"
},
{
"status": "affected",
"version": "2.02.10"
},
{
"status": "affected",
"version": "2.02.11"
},
{
"status": "affected",
"version": "2.02.12"
},
{
"status": "affected",
"version": "2.02.13"
},
{
"status": "affected",
"version": "2.02.14"
},
{
"status": "affected",
"version": "2.02.15"
},
{
"status": "affected",
"version": "2.02.16"
},
{
"status": "affected",
"version": "2.02.17"
},
{
"status": "affected",
"version": "2.02.18"
},
{
"status": "affected",
"version": "2.02.19"
},
{
"status": "affected",
"version": "2.02.20"
},
{
"status": "affected",
"version": "2.02.21"
},
{
"status": "affected",
"version": "2.02.22"
},
{
"status": "affected",
"version": "2.02.23"
},
{
"status": "affected",
"version": "2.02.24"
},
{
"status": "affected",
"version": "2.02.25"
},
{
"status": "affected",
"version": "2.02.26"
},
{
"status": "affected",
"version": "2.02.27"
},
{
"status": "affected",
"version": "2.02.28"
},
{
"status": "affected",
"version": "2.02.29"
},
{
"status": "affected",
"version": "2.02.30"
},
{
"status": "affected",
"version": "2.02.31"
},
{
"status": "affected",
"version": "2.02.32"
},
{
"status": "affected",
"version": "2.02.33"
},
{
"status": "affected",
"version": "2.02.34"
},
{
"status": "affected",
"version": "2.02.35"
},
{
"status": "affected",
"version": "2.02.36"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tta0 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument path results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In RainyGao DocSys up to 2.02.36 wurde eine Schwachstelle gefunden. Es geht um die Funktion updateRealDoc der Datei /Doc/uploadDoc.do der Komponente File Upload. Durch Manipulieren des Arguments path mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-12T07:32:04.891Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328042 | RainyGao DocSys File Upload uploadDoc.do updateRealDoc path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328042"
},
{
"name": "VDB-328042 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328042"
},
{
"name": "Submit #664845 | https://github.com/RainyGao-GitHub/DocSys/ DocSys 2.02.36 Upload any file",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.664845"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-11T15:56:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "RainyGao DocSys File Upload uploadDoc.do updateRealDoc path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11630",
"datePublished": "2025-10-12T07:32:04.891Z",
"dateReserved": "2025-10-11T13:51:10.924Z",
"dateUpdated": "2025-10-17T14:34:15.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11629 (GCVE-0-2025-11629)
Vulnerability from cvelistv5 – Published: 2025-10-12 07:02 – Updated: 2025-10-15 19:52
Title
RainyGao DocSys getUserList.do getUserList sql injection
Summary
A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Manipulation of its input (the record does not name the argument) leads to SQL injection. It is possible to launch the attack remotely; the CVSS vectors in the record below set PR:L, meaning the attacker needs a low-privileged account. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
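| URL | Tags |
|---|---|
| https://vuldb.com/?id.328041 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.328041 | signature, permissions-required |
| https://vuldb.com/?submit.664843 | third-party-advisory |
| https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A5.md | exploit |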
Impacted products
| Vendor | Product | Version |
|---|---|---|
| RainyGao | DocSys | Affected: 2.02.0, 2.02.1, 2.02.2, 2.02.3, 2.02.4, 2.02.5, 2.02.6, 2.02.7, 2.02.8, 2.02.9, 2.02.10, 2.02.11, 2.02.12, 2.02.13, 2.02.14, 2.02.15, 2.02.16, 2.02.17, 2.02.18, 2.02.19, 2.02.20, 2.02.21, 2.02.22, 2.02.23, 2.02.24, 2.02.25, 2.02.26, 2.02.27, 2.02.28, 2.02.29, 2.02.30, 2.02.31, 2.02.32, 2.02.33, 2.02.34, 2.02.35, 2.02.36 |
Credits
Tta0 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11629",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T19:52:12.247988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T19:52:15.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A5.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DocSys",
"vendor": "RainyGao",
"versions": [
{
"status": "affected",
"version": "2.02.0"
},
{
"status": "affected",
"version": "2.02.1"
},
{
"status": "affected",
"version": "2.02.2"
},
{
"status": "affected",
"version": "2.02.3"
},
{
"status": "affected",
"version": "2.02.4"
},
{
"status": "affected",
"version": "2.02.5"
},
{
"status": "affected",
"version": "2.02.6"
},
{
"status": "affected",
"version": "2.02.7"
},
{
"status": "affected",
"version": "2.02.8"
},
{
"status": "affected",
"version": "2.02.9"
},
{
"status": "affected",
"version": "2.02.10"
},
{
"status": "affected",
"version": "2.02.11"
},
{
"status": "affected",
"version": "2.02.12"
},
{
"status": "affected",
"version": "2.02.13"
},
{
"status": "affected",
"version": "2.02.14"
},
{
"status": "affected",
"version": "2.02.15"
},
{
"status": "affected",
"version": "2.02.16"
},
{
"status": "affected",
"version": "2.02.17"
},
{
"status": "affected",
"version": "2.02.18"
},
{
"status": "affected",
"version": "2.02.19"
},
{
"status": "affected",
"version": "2.02.20"
},
{
"status": "affected",
"version": "2.02.21"
},
{
"status": "affected",
"version": "2.02.22"
},
{
"status": "affected",
"version": "2.02.23"
},
{
"status": "affected",
"version": "2.02.24"
},
{
"status": "affected",
"version": "2.02.25"
},
{
"status": "affected",
"version": "2.02.26"
},
{
"status": "affected",
"version": "2.02.27"
},
{
"status": "affected",
"version": "2.02.28"
},
{
"status": "affected",
"version": "2.02.29"
},
{
"status": "affected",
"version": "2.02.30"
},
{
"status": "affected",
"version": "2.02.31"
},
{
"status": "affected",
"version": "2.02.32"
},
{
"status": "affected",
"version": "2.02.33"
},
{
"status": "affected",
"version": "2.02.34"
},
{
"status": "affected",
"version": "2.02.35"
},
{
"status": "affected",
"version": "2.02.36"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tta0 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in RainyGao DocSys up to 2.02.36 entdeckt. Betroffen hiervon ist die Funktion getUserList der Datei /Manage/getUserList.do. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-12T07:02:06.148Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328041 | RainyGao DocSys getUserList.do getUserList sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328041"
},
{
"name": "VDB-328041 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328041"
},
{
"name": "Submit #664843 | https://github.com/RainyGao-GitHub/DocSys/ DocSys 2.02.36 SQL injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.664843"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A5.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-11T15:56:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "RainyGao DocSys getUserList.do getUserList sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11629",
"datePublished": "2025-10-12T07:02:06.148Z",
"dateReserved": "2025-10-11T13:51:03.160Z",
"dateUpdated": "2025-10-15T19:52:15.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4511 (GCVE-0-2022-4511)
Vulnerability from cvelistv5 – Published: 2022-12-15 00:00 – Updated: 2025-04-14 15:55
Title
RainyGao DocSys path traversal
Summary
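A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851. Note that "critical" is the wording of the CNA description: the CVSS v3.1 vector in the record below scores 5.3 (Medium), with no privileges required and only a low confidentiality impact. The record also gives no affected version range (version: n/a).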
Severity ?
5.3 (Medium)
CWE
- CWE-22 - Path Traversal -> CWE-23 Relative Path Traversal -> CWE-24 Path Traversal: '../filedir'
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/RainyGao/DocSys/issues/I66A3V"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.215851"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4511",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T15:53:38.957895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T15:55:06.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DocSys",
"vendor": "RainyGao",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: \u0027../filedir\u0027. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal -\u003e CWE-23 Relative Path Traversal -\u003e CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://gitee.com/RainyGao/DocSys/issues/I66A3V"
},
{
"url": "https://vuldb.com/?id.215851"
}
],
"title": "RainyGao DocSys path traversal",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-4511",
"datePublished": "2022-12-15T00:00:00.000Z",
"dateReserved": "2022-12-15T00:00:00.000Z",
"dateUpdated": "2025-04-14T15:55:06.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4416 (GCVE-0-2022-4416)
Vulnerability from cvelistv5 – Published: 2022-12-12 00:00 – Updated: 2025-04-15 13:05
Title
RainyGao DocSys getReposAllUsers.do getReposAllUsers sql injection
Summary
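A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. The manipulation of the argument searchWord/reposId leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-215278 is the identifier assigned to this vulnerability. Note that "critical" is the wording of the CNA description: the CVSS v3.1 vector in the record below scores 6.3 (Medium) and requires low privileges. The record also gives no affected version range (version: n/a).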
Severity ?
6.3 (Medium)
CWE
- CWE-707 - Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:44.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/RainyGao/DocSys/issues/I65QEE"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.215278"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4416",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:55:03.245515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:05:24.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DocSys",
"vendor": "RainyGao",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. The manipulation of the argument searchWord/reposId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-215278 is the identifier assigned to this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "CWE-707 Improper Neutralization -\u003e CWE-74 Injection -\u003e CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://gitee.com/RainyGao/DocSys/issues/I65QEE"
},
{
"url": "https://vuldb.com/?id.215278"
}
],
"title": "RainyGao DocSys getReposAllUsers.do getReposAllUsers sql injection",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-4416",
"datePublished": "2022-12-12T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:05:24.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4402 (GCVE-0-2022-4402)
Vulnerability from cvelistv5 – Published: 2022-12-11 00:00 – Updated: 2025-04-15 13:05
Title
RainyGao DocSys ZIP File Decompression path traversal
Summary
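A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215271. Note that "critical" is the wording of the CNA description: the CVSS v3.1 vector in the record below scores 4.7 (Medium) and requires high privileges. The CISA ADP SSVC entry in the same record lists Exploitation as "none", which differs from the description's statement that an exploit is public.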
Severity ?
4.7 (Medium)
CWE
- CWE-22 - Path Traversal -> CWE-23 Relative Path Traversal -> CWE-24 Path Traversal: '../filedir'
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:44.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/A-TGAO/MxsDocVul/blob/main/ZipSlipVul.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/RainyGao/DocSys/issues/I65IYU"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.215271"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:04:25.822751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:05:54.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DocSys",
"vendor": "RainyGao",
"versions": [
{
"status": "affected",
"version": "2.02.37"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: \u0027../filedir\u0027. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215271."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal -\u003e CWE-23 Relative Path Traversal -\u003e CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-11T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://github.com/A-TGAO/MxsDocVul/blob/main/ZipSlipVul.md"
},
{
"url": "https://gitee.com/RainyGao/DocSys/issues/I65IYU"
},
{
"url": "https://vuldb.com/?id.215271"
}
],
"title": "RainyGao DocSys ZIP File Decompression path traversal",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-4402",
"datePublished": "2022-12-11T00:00:00.000Z",
"dateReserved": "2022-12-11T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:05:54.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}