SQL Injection Vulnerability in aaluoxiang oa_system's External Address Book Handler
CVE-2025-6829

5.3MEDIUM

Key Information:

Vendor

Aaluoxiang

Status
Oa System
Vendor
CVE Published:
28 June 2025

What is CVE-2025-6829?

A critical vulnerability has been identified in the aaluoxiang oa_system, specifically affecting the outAddress function of the External Address Book Handler. This flaw allows for remote SQL injection attacks, enabling attackers to manipulate database queries and potentially gain unauthorized access to sensitive information. Due to the lack of versioning in this product, it is crucial for users to assess their systems for potential exploitation and take immediate action to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

oa_system c3a08168c144f27256a90838492c713f55f1b207

References

https://vuldb.com/?id.314267
vdb-entrytechnical-description
https://vuldb.com/?ctiid.314267
signaturepermissions-required
https://vuldb.com/?submit.603033
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

JSON
.