CVE-2025-15493
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rainygao | docsys | to 2.02.36 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15493 is a SQL injection vulnerability in RainyGao DocSys versions up to 2.02.36. It exists in the file src/com/DocSystem/mapping/ReposAuthMapper.xml, specifically involving improper sanitization of the searchWord argument. This flaw allows an attacker to inject malicious SQL commands remotely without authentication, potentially compromising the confidentiality, integrity, and availability of the system. [1, 2]
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to unauthorized execution of SQL commands, resulting in data leakage, full compromise of database integrity, and potentially allowing attackers to gain control over server permissions. This can severely impact system security and data confidentiality. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by searching for the presence of the vulnerable file and interface, specifically `src/com/DocSystem/mapping/ReposAuthMapper.xml` and the `/Manage/getReposAllUsers.do` endpoint. Attackers use Google dorking with queries like `inurl:src/com/DocSystem/mapping/ReposAuthMapper.xml` to locate vulnerable targets. On your system, you can check for the existence of this file and monitor network traffic for requests to `/Manage/getReposAllUsers.do`. Additionally, inspecting logs for unusual or suspicious SQL commands involving the `searchWord` parameter may help detect exploitation attempts. Specific commands might include: 1) Using `find` to locate the file: `find / -path '*src/com/DocSystem/mapping/ReposAuthMapper.xml'` 2) Using `grep` to search for `searchWord` usage in code or logs: `grep -r 'searchWord' /path/to/DocSys` 3) Monitoring web server logs for requests to `/Manage/getReposAllUsers.do`: `grep '/Manage/getReposAllUsers.do' /var/log/apache2/access.log` [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Since no patches or official mitigations are available from the vendor, the recommended immediate step is to replace the affected component or product with an alternative that is not vulnerable. Additionally, you should restrict access to the vulnerable interface `/Manage/getReposAllUsers.do` by implementing network-level controls such as firewall rules or web application firewall (WAF) rules to block or limit access. Monitoring and logging for suspicious activity related to the `searchWord` parameter should be increased. Applying input validation or sanitization at a proxy or WAF level may also help mitigate exploitation attempts until a permanent fix is available. [1]