SQL Injection Vulnerability in aaluoxiang oa_system's External Address Book Handler
CVE-2025-6829

6.3MEDIUM

Key Information:

Vendor: aaluoxiang
Status: oa_system
Vendor: CVE Published:; 28 June 2025

What is CVE-2025-6829?

A critical vulnerability has been identified in the aaluoxiang oa_system, specifically affecting the outAddress function of the External Address Book Handler. This flaw allows for remote SQL injection attacks, enabling attackers to manipulate database queries and potentially gain unauthorized access to sensitive information. Due to the lack of versioning in this product, it is crucial for users to assess their systems for potential exploitation and take immediate action to mitigate risks.

References

https://github.com/chujianxin0101/vuln/issues/5

https://vuldb.com/?ctiid.314267

https://vuldb.com/?id.314267

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2025