A vulnerability has been found in RainyGao DocSys up to version 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-11629
🟡 Medium
CVE-2025-11629: SQL Injection in RainyGao DocSys
CVE-2025-11629 impacts RainyGao DocSys up to version 2.02.36, allowing SQL injection via the getUserList function. Remote attacks are possible.
CVE ID
CVE-2025-11629
CVSS Score
6.3
Vendor
unknown
Published
Oct 12
Vulnerability Details
- CVE ID
- CVE-2025-11629
- Severity
- Medium
- CVSS v3 Score
- 6.3 / 10.0
- Affected Vendor
- unknown
- Publication Date
- October 12, 2025
External Resources
Need Help?
Protect your infrastructure with our comprehensive security scanning tools.
Explore Security Scanners