CVE-2025-9410 | lostvip-com ruoyi-go up to 2.1 GenTableDao.go SelectListByPage isAsc/orderByColumn sql injection

A vulnerability was found in lostvip-com ruoyi-go up to 2.1. It has been declared as critical. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection.

This vulnerability is registered as CVE-2025-9410. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More