A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
History

Tue, 26 Aug 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Ruoyi
Ruoyi ruoyi
Vendors & Products Ruoyi
Ruoyi ruoyi

Tue, 26 Aug 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 25 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Title lostvip-com ruoyi-go GenTableDao.go SelectListByPage sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-25T20:34:45.643Z

Reserved: 2025-08-25T08:45:05.090Z

Link: CVE-2025-9410

cve-icon Vulnrichment

Updated: 2025-08-25T20:34:41.039Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-25T17:15:32.067

Modified: 2025-08-25T20:24:45.327

Link: CVE-2025-9410

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-08-25T16:32:06Z

Links: CVE-2025-9410 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-08-26T08:54:52Z