CVE-2025-1958 Information

Description

A vulnerability which was classified as critical has been found in aaluoxiang oa_system 1.0. This issue affects some unknown processing of the file src/main/resources/mappers/address-mapper.xml. The manipulation of the argument outtype leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Reference

https://github.com/qkdjksfkeg/cve_article/blob/main/oasys/SQL%20injection.md https://github.com/qkdjksfkeg/cve_article/blob/main/oasys/SQL%20injection.md https://vuldb.com/?ctiid.298559 https://vuldb.com/?id.298559 https://vuldb.com/?submit.510750