CVE-2025-15493

6.3 MEDIUM

📋 TL;DR

This CVE describes a SQL injection vulnerability in the RainyGao DocSys document management system, up to and including version 2.02.36. Attackers can exploit it remotely by manipulating the searchWord parameter, potentially accessing or modifying database contents. Organizations running vulnerable versions of DocSys are affected.

💻 Affected Systems

Products:
  • RainyGao DocSys
Versions: Up to and including 2.02.36
Operating Systems: All platforms running DocSys
Default Config Vulnerable: ⚠️ Yes
Notes: All installations up to version 2.02.36 are vulnerable by default. The vulnerability exists in the ReposAuthMapper.xml file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, or potential remote code execution via database functions.

🟠 Likely Case

Unauthorized data access, extraction of sensitive information from the database, and potential privilege escalation.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. The vulnerability can be exploited remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond. Consider upgrading if newer versions exist or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization (all platforms)

Implement strict input validation for the searchWord parameter to reject SQL special characters.

Web Application Firewall Rules (all platforms)

Deploy WAF rules to block SQL injection patterns targeting the searchWord parameter.

🧯 If You Can't Patch

  • Isolate the DocSys application behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit database access from the application server

🔍 How to Verify

Check if Vulnerable:

Check the DocSys version in the admin panel or configuration files. If the version is 2.02.36 or earlier, the system is vulnerable.

Check Version:

Check application configuration files or admin interface for version information

Verify Fix Applied:

Test search functionality with SQL injection payloads to confirm they are properly rejected or sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed search attempts with special characters
  • Database error messages containing SQL syntax

Network Indicators:

  • HTTP requests with SQL injection patterns in searchWord parameter
  • Unusual database connection patterns from application server

SIEM Query:

source="app_logs" AND ("searchWord" AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE" OR "--" OR "'" OR ";"))
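
A raw-string match like the query above misses percent-encoded input, because the tokens only appear after URL decoding. The following added example (not from the original advisory or from DocSys) decodes searchWord from access-log lines before checking the same tokens; the log format, the /EXAMPLE/search path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Tokens taken from the SIEM query above; keywords are matched as whole words.
KEYWORDS = re.compile(r"\b(union|select|insert|delete)\b", re.IGNORECASE)
METACHARS = ("--", "'", ";")

# Assumed combined-log style request field: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def search_words(log_line):
    """Return the decoded searchWord values found in one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    # parse_qs percent-decodes values and turns '+' into a space
    return parse_qs(query, keep_blank_values=True).get("searchWord", [])

def reasons(value):
    """List which indicators a decoded searchWord value contains."""
    hits = [k.lower() for k in KEYWORDS.findall(value)]
    hits += [c for c in METACHARS if c in value]
    return sorted(set(hits))

def scan(lines):
    """Yield (line_number, decoded_value, indicators) for suspicious requests."""
    for n, line in enumerate(lines, 1):
        for value in search_words(line):
            found = reasons(value)
            if found:
                yield n, value, found

# Constructed sample lines; /EXAMPLE/search is a placeholder path, not a DocSys route.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2026:10:00:00 +0000] "GET /EXAMPLE/search?searchWord=quarterly+report HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2026:10:00:05 +0000] "GET /EXAMPLE/search?searchWord=x%27+UNION+SELECT+1--+ HTTP/1.1" 500 87',
    '198.51.100.9 - - [01/Jan/2026:10:00:09 +0000] "GET /EXAMPLE/search?searchWord=union+station%3B HTTP/1.1" 200 498',
    '198.51.100.3 - - [01/Jan/2026:10:00:12 +0000] "GET /EXAMPLE/list?page=2 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for n, value, found in scan(SAMPLE):
        print(f"line {n}: searchWord={value!r} indicators={found}")
```

The third sample line is a legitimate-looking search that still trips the keyword and semicolon checks, so treat hits as leads to correlate with database errors rather than as confirmed attacks. Parameters sent in a POST body do not appear in access logs and need application-level logging to be covered.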
