CVE-2025-15493

Опубликовано: 09 янв. 2026

Источник: nvd

CVSS3: 6.3

CVSS3: 9.8

CVSS2: 6.5

EPSS Низкий

Описание

A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md
Exploit
Third Party Advisory
https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.340271
Permissions Required
VDB Entry
https://vuldb.com/?id.340271
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.725374
Third Party Advisory
VDB Entry
https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md
Exploit
Third Party Advisory
https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:docsys_project:docsys:*:*:*:*:*:*:*:*

Версия до 2.02.36 (включая)

EPSS

Процентиль: 8%

0.00028

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

CWE-89

Связанные уязвимости

GHSA-rg37-qjm5-vw5p

CVSS3: 6.3

github

30 дней назад

EPSS

Процентиль: 8%

0.00028

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

CWE-89