VYPR

Docsys

by Docsys Project

CVEs (9)

  • CVE-2025-15494MedJan 9, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-15493MedJan 9, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack…

  • CVE-2025-15492MedJan 9, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of the argument searchWord results in sql injection. It is possible to initiate the…

  • CVE-2025-11630MedOct 12, 2025
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument path results in path traversal. The attack can be initiated remotely. The…

  • CVE-2025-11629MedOct 12, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may…

  • CVE-2025-11631MedOct 12, 2025
    risk 0.35cvss 5.4epss 0.01

    A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has…

  • CVE-2022-4511Dec 15, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be…

  • CVE-2022-4416Dec 12, 2022
    risk 0.00cvss epss 0.00

    A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. The manipulation of the argument searchWord/reposId leads to sql injection. The attack can…

  • CVE-2022-4402Dec 11, 2022
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has…