CNNVD-202508-2928 Information

Aug 25, 2025 cve

CNNVD ID

CNNVD-202508-2928

CVE-2025-9410

CNNVD Published: 2025-08-25

Description (Chinese)

ruoyi-go是lostvip.com个人开发者的一个后台管理系统。 ruoyi-go 2.1及之前版本存在安全漏洞，该漏洞源于文件modules/system/dao/GenTableDao.go中SelectListByPage函数对isAsc/orderByColumn参数处理不当，可能导致SQL注入。

Description (English)

Ruoyi-go is a back-office management system for individual developers in lostvip.com. The ruoyi-go 2.1 and previous versions have a security loophole, which stems from the inappropriate handling of the sisasc/orderByColumn parameters by the SelectListByPage function in document Modeules/system/dao/GenTableDao.go, which may lead to the injection of SQL.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-25

Last Modified

2026-02-24

References

https://vuldb.com/?submit.633679 https://vuldb.com/?submit.633677 https://vuldb.com/?id.321251 https://vuldb.com/?ctiid.321251 https://github.com/on-theway/cve/issues/4 https://github.com/on-theway/cve/issues/3 https://access.redhat.com/security/cve/cve-2025-9410 https://nvd.nist.gov/vuln/detail/CVE-2025-9410

Share on: