A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
History

Tue, 26 Aug 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Ruoyi
Ruoyi ruoyi
Vendors & Products Ruoyi
Ruoyi ruoyi

Mon, 25 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title lostvip-com ruoyi-go DictDataDao.go SelectListByPage sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-25T20:37:18.379Z

Reserved: 2025-08-25T08:45:29.702Z

Link: CVE-2025-9412

cve-icon Vulnrichment

Updated: 2025-08-25T20:37:14.554Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-25T18:15:32.483

Modified: 2025-08-25T20:24:45.327

Link: CVE-2025-9412

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-26T08:54:55Z