RainyGao DocSys ReposAuthMapper.xml sql injection_CVE-2025-15493

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-15493

Source VulDB

Published Jan 9, 2026 at 16:32

Affected Product

Vendor RainyGao

Product DocSys

Version 2.02.0

Affected Versions RainyGao DocSys 2.02.0
RainyGao DocSys 2.02.1
RainyGao DocSys 2.02.2
RainyGao DocSys 2.02.3
RainyGao DocSys 2.02.4
RainyGao DocSys 2.02.5
RainyGao DocSys 2.02.6
RainyGao DocSys 2.02.7
RainyGao DocSys 2.02.8
RainyGao DocSys 2.02.9
RainyGao DocSys 2.02.10
RainyGao DocSys 2.02.11
RainyGao DocSys 2.02.12
RainyGao DocSys 2.02.13
RainyGao DocSys 2.02.14
RainyGao DocSys 2.02.15
RainyGao DocSys 2.02.16
RainyGao DocSys 2.02.17
RainyGao DocSys 2.02.18
RainyGao DocSys 2.02.19
RainyGao DocSys 2.02.20
RainyGao DocSys 2.02.21
RainyGao DocSys 2.02.22
RainyGao DocSys 2.02.23
RainyGao DocSys 2.02.24
RainyGao DocSys 2.02.25
RainyGao DocSys 2.02.26
RainyGao DocSys 2.02.27
RainyGao DocSys 2.02.28
RainyGao DocSys 2.02.29
RainyGao DocSys 2.02.30
RainyGao DocSys 2.02.31
RainyGao DocSys 2.02.32
RainyGao DocSys 2.02.33
RainyGao DocSys 2.02.34
RainyGao DocSys 2.02.35
RainyGao DocSys 2.02.36

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-01-09T16:32:06.558Z",
    "modified": "2026-01-09T16:32:06.558Z",
    "type": "cve",
    "title": "RainyGao DocSys ReposAuthMapper.xml sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.340271\nhttps://vuldb.com/?ctiid.340271\nhttps://vuldb.com/?submit.725374\nhttps://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md\nhttps://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0",
    "id": "CVE-2025-15493",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "RainyGao DocSys 2.02.0\nRainyGao DocSys 2.02.1\nRainyGao DocSys 2.02.2\nRainyGao DocSys 2.02.3\nRainyGao DocSys 2.02.4\nRainyGao DocSys 2.02.5\nRainyGao DocSys 2.02.6\nRainyGao DocSys 2.02.7\nRainyGao DocSys 2.02.8\nRainyGao DocSys 2.02.9\nRainyGao DocSys 2.02.10\nRainyGao DocSys 2.02.11\nRainyGao DocSys 2.02.12\nRainyGao DocSys 2.02.13\nRainyGao DocSys 2.02.14\nRainyGao DocSys 2.02.15\nRainyGao DocSys 2.02.16\nRainyGao DocSys 2.02.17\nRainyGao DocSys 2.02.18\nRainyGao DocSys 2.02.19\nRainyGao DocSys 2.02.20\nRainyGao DocSys 2.02.21\nRainyGao DocSys 2.02.22\nRainyGao DocSys 2.02.23\nRainyGao DocSys 2.02.24\nRainyGao DocSys 2.02.25\nRainyGao DocSys 2.02.26\nRainyGao DocSys 2.02.27\nRainyGao DocSys 2.02.28\nRainyGao DocSys 2.02.29\nRainyGao DocSys 2.02.30\nRainyGao DocSys 2.02.31\nRainyGao DocSys 2.02.32\nRainyGao DocSys 2.02.33\nRainyGao DocSys 2.02.34\nRainyGao DocSys 2.02.35\nRainyGao DocSys 2.02.36",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DocSys",
    "version": "2.02.0",
    "vendor": "RainyGao",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}