CVE-2025-15492
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rainygao | docsys | to 2.02.36 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15492 is a SQL injection vulnerability in RainyGao DocSys up to version 2.02.36. It exists in an unknown function within the file src/com/DocSystem/mapping/GroupMemberMapper.xml, specifically involving manipulation of the argument searchWord. This improper handling allows attackers to inject malicious SQL commands remotely, potentially compromising the database and system. [2, 3]
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute unauthorized SQL commands, leading to unauthorized access to sensitive database information. Exploitation can result in full compromise of the database and potentially escalate to gaining server-level permissions, impacting the confidentiality, integrity, and availability of the affected system. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by searching for the vulnerable interface /Manage/getGroupAllUsers.do and testing the searchWord parameter for SQL injection. Attackers can identify vulnerable targets using Google dorking with queries such as: inurl:src/com/DocSystem/mapping/GroupMemberMapper.xml. For detection on your system, you can use tools like sqlmap to test the parameter, for example: sqlmap -u "http://target/Manage/getGroupAllUsers.do?searchWord=test" --batch --dbs. Additionally, monitoring network traffic for suspicious SQL injection patterns targeting the searchWord parameter may help detect exploitation attempts. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
No known mitigations or countermeasures have been published by the vendor. The suggested immediate step is to replace the affected component or product with an alternative that is not vulnerable. Additionally, restricting access to the vulnerable interface, implementing web application firewalls (WAF) to detect and block SQL injection attempts, and monitoring for suspicious activity are recommended interim measures until a patch or fix is available. [3]