CNNVD-202509-2497 Information

CNNVD ID

CNNVD-202509-2497

Related CVE

CVE-2025-44034

• CNNVD Published: 2025-09-16

Description (Chinese)

oasys是misstt123个人开发者的一个OA办公自动化系统。 oasys 1.1版本存在安全漏洞，该漏洞源于对文件src/main/Java/cn/gson/oasys/controller/address/AddrController中参数alph的错误操作，可能导致SQL注入攻击。

Description (English)

Oasys is an OA office automation system for 123 individual developers of the issuettt. There is a security loophole in version 1.1 of oasys, which stems from an error in the operation of alph, the parameter in document src/main/Java/cn/gson/oasys/controller/address/AddrController, which could lead to an attack on SQL.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-09-16

Last Modified

2026-02-24

References

https://github.com/qkdjksfkeg/Security-Collections/blob/main/sqlinjection2.md https://access.redhat.com/security/cve/cve-2025-44034