RainyGao DocSys
0 remedies
cpe:2.3:a:docsys_project:docsys:*:*:*:*:*:*:*
0 remedies
- <= 2.02.36
RainyGao DocSys SQL Injection Vulnerability in GroupMemberMapper.xml
Vulnerability
A SQL injection vulnerability has been identified in RainyGao DocSys versions through 2.02.36. The issue arises in the '/Manage/getGroupAllUsers.do' interface, where the 'searchWord' argument can be manipulated to execute unauthorized SQL commands. This vulnerability allows attackers to access sensitive database information or potentially gain database or server-level permissions. The vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries to access, modify, or delete database information. Additionally, according to the vulnerability submission, this SQL injection could lead to taking over database or even server permissions.
Reproduction
The vulnerability can be reproduced by sending a request to the '/Manage/getGroupAllUsers.do' interface with a crafted 'searchWord' parameter that exploits the SQL injection flaw. This can be done using a tool like SQLMap, targeting the 'searchWord' parameter to automate the exploitation process.
Added: Jan 9, 2026, 4:30 PM
Updated: Jan 9, 2026, 7:23 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
7.5exploitability
4.6remediation
0.0relevance
2.0threat
6.4urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.