CNNVD-202508-3510 Information

CNNVD ID

CNNVD-202508-3510

Related CVE

CVE-2025-44033

• CNNVD Published: 2025-08-29

Description (Chinese)

oasys是程序员二师兄（Programmer Second Senior Brother）个人开发者的一个 OA 自动化办公系统。 oasys 1.1版本存在安全漏洞，该漏洞源于src/main/java/cn/gson/oasys/mappers/AddressMapper.java中allDirector方法存在SQL注入，可能导致执行任意代码。

Description (English)

Oasys is an OA automated office system for programmer’s second brother brother. There is a security loophole in version 1.1 of oasys, which originates from the SQL injection of the AllDirector method in src/main/java/cn/gson/oasys/mappers/AddressMapper.java, which could lead to the implementation of any code.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-29

Last Modified

2026-02-24

References

https://github.com/qkdjksfkeg/Security-Collections/blob/main/sqlinjection.md https://nvd.nist.gov/vuln/detail/CVE-2025-44033