CVE-2025-15494
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rainygao | docsys | to 2.02.37 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15494 is a SQL injection vulnerability in RainyGao DocSys versions up to 2.02.37. It exists in the UserMapper.xml file, where the Username argument can be manipulated by an attacker to inject malicious SQL code. This flaw allows remote attackers to execute arbitrary SQL commands, potentially compromising the confidentiality, integrity, and availability of the system. The vulnerability is easy to exploit and a proof-of-concept exploit is publicly available. [1, 3]
How can this vulnerability impact me? :
Exploiting this vulnerability can allow attackers to access sensitive database information, manipulate or delete data, and escalate privileges to gain control over the database or even the underlying server. This can lead to data breaches, loss of data integrity, service disruption, and unauthorized control over the affected system. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if your system is running RainyGao DocSys up to version 2.02.37 and if the vulnerable file com/DocSystem/mapping/UserMapper.xml or the /Manage/getUserList.do interface is accessible. You can use Google dorking with queries like `inurl:com/DocSystem/mapping/UserMapper.xml` to find potentially vulnerable targets. Additionally, testing the Username parameter for SQL injection by sending crafted payloads to the /Manage/getUserList.do interface may help detect exploitation attempts. Specific commands are not provided, but using tools like curl or sqlmap targeting the Username parameter in the mentioned interface could be effective. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected component with an alternative product, as no known countermeasures or patches have been published by the vendor. Restricting access to the vulnerable endpoints such as com/DocSystem/mapping/UserMapper.xml and /Manage/getUserList.do, implementing web application firewalls (WAF) to detect and block SQL injection attempts, and monitoring for suspicious activity are recommended. Since the vendor did not respond and no fixes are available, these defensive measures are critical to reduce risk. [1]