ByteOS Network

NVD Vulnerability Details :

CVE-2025-15493

Analyzed

Source-cna@vuldb.com

Published At-09 Jan, 2026 | 17:15

Updated At-22 Jan, 2026 | 15:42

A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	2.0	6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P

Type: Secondary

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 2.0

Base score: 6.5

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:P

CPE Matches

docsys_project>>docsys>>Versions up to 2.02.36(inclusive)

cpe:2.3:a:docsys_project:docsys:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-74	Secondary	cna@vuldb.com
CWE-89	Secondary	cna@vuldb.com
CWE-89	Primary	nvd@nist.gov

CWE ID: CWE-74

Type: Secondary

Source: cna@vuldb.com

CWE ID: CWE-89

Type: Secondary

Source: cna@vuldb.com

CWE ID: CWE-89

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md	cna@vuldb.com	Exploit Third Party Advisory
https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0	cna@vuldb.com	Exploit Third Party Advisory
https://vuldb.com/?ctiid.340271	cna@vuldb.com	Permissions Required VDB Entry
https://vuldb.com/?id.340271	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/?submit.725374	cna@vuldb.com	Third Party Advisory VDB Entry
https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit Third Party Advisory
https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit Third Party Advisory