CVE-2025-11629 | RainyGao DocSys up to 2.02.36 /Manage/getUserList.do getUserList sql injection

A vulnerability was found in RainyGao DocSys up to 2.02.36. It has been declared as critical. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection.

This vulnerability is referenced as CVE-2025-11629. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More