CVE-2025-15494 | RainyGao DocSys up to 2.02.37 UserMapper.xml Username sql injection

A vulnerability, which was classified as critical, has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection.

This vulnerability is documented as CVE-2025-15494. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More