RainyGao DocSys SQL Injection Vulnerability in ReposAuthMapper.xml

Vulnerability

A SQL injection vulnerability has been identified in RainyGao DocSys versions through 2.02.36. The issue resides in the ReposAuthMapper.xml file and affects the /Manage/getReposAllUsers.do interface. The vulnerability allows attackers to manipulate the searchWord parameter, potentially leading to unauthorized access to sensitive database information or elevated database and server permissions. This vulnerability can be exploited remotely, and a proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to access or manipulate database information. Additionally, according to the vulnerability submission, this SQL injection could lead to gaining database or even server permissions.

Reproduction

The vulnerability can be reproduced by sending a request to the /Manage/getReposAllUsers.do interface with a crafted searchWord parameter that exploits the SQL injection flaw. This can be done using a tool like SQLMap, targeting the searchWord parameter to automate the exploitation process.
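One way to look for requests matching this description in web-server access logs, as an added example that is not part of the original advisory or of the DocSys project. It assumes combined-format logs and that searchWord is sent in the query string; the /DocSystem context path, the IP addresses and the log lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/Manage/getReposAllUsers.do"  # interface named in the advisory
PARAM = "searchWord"                       # parameter named in the advisory

# Combined log format (assumed): client, timestamp, request line, status, size, referer, UA.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Heuristic: SQL syntax in a field that should only hold a name fragment.
# Quotes will also flag names such as O'Brien, so treat hits as leads to review.
SQL_HINTS = re.compile(
    r"""['"`;\\]|--|/\*|\bunion\b.+\bselect\b|\b(sleep|benchmark)\s*\(|information_schema""",
    re.I)

def inspect(line):
    """Return (client_ip, reasons) for a suspicious request to ENDPOINT, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith(ENDPOINT):   # tolerate any servlet context path
        return None
    reasons = [f"SQL syntax in {PARAM}: {v!r}"
               for v in parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
               if SQL_HINTS.search(v)]    # parse_qs has already URL-decoded v
    if "sqlmap" in m["ua"].lower():       # sqlmap's default User-Agent names the tool
        reasons.append("sqlmap user agent")
    return (m["ip"], reasons) if reasons else None

def scan(lines):
    """Inspect every line and keep only the suspicious hits."""
    return [hit for hit in map(inspect, lines) if hit]

# Constructed sample log lines (documentation IP ranges, assumed /DocSystem context path).
SAMPLE = [
    '198.51.100.7 - - [09/Jan/2026:17:40:01 +0000] "GET /DocSystem/Manage/getReposAllUsers.do?searchWord=alice HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Jan/2026:17:41:13 +0000] "GET /DocSystem/Manage/getReposAllUsers.do?searchWord=a%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Jan/2026:17:41:20 +0000] "GET /DocSystem/Manage/getReposAllUsers.do?searchWord=bob HTTP/1.1" 200 512 "-" "sqlmap/1.8 (https://sqlmap.org)"',
    '198.51.100.7 - - [09/Jan/2026:17:42:02 +0000] "GET /DocSystem/index.html?searchWord=%27 HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE):
        print(ip, "; ".join(reasons))
```

Requests that carry searchWord in a POST body do not show up in access logs; in that case the same check has to run where the body is visible, such as a WAF or an application-level request filter.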

Added: Jan 9, 2026, 5:31 PM
Updated: Jan 9, 2026, 7:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 4.6
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.