CNNVD-202601-1631 Information

CNNVD ID

CNNVD-202601-1631

Related CVE

CVE-2025-15492

• CNNVD Published: 2026-01-09

Description (Chinese)

MxsDoc是Rainy开源的一个基于 Web 的文件管理系统。 MxsDoc 2.02.36及之前版本存在安全漏洞，该漏洞源于对文件src/com/DocSystem/mapping/GroupMemberMapper.xml中参数searchWord的错误操作，可能导致SQL注入攻击。

Description (English)

MxsDoc is a web-based document management system from Rainy Open Source. MxDoc 2.02.36 and previous versions contain a security loophole, which stems from an error in the src/com/DocSystem/mapping/GroupMemberMapper.xml parameter:searchWord, which may result in an injection attack on SQL.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Rainy

Published

2026-01-09

Last Modified

2026-02-24

References

https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A53.md https://vuldb.com/?submit.725373 https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A53.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0 https://vuldb.com/?id.340270 https://vuldb.com/?ctiid.340270 https://access.redhat.com/security/cve/cve-2025-15492

Patch

https://github.com/RainyGao-GitHub/DocSys/releases