CVE-2025-6829: aaluoxiang oa_system External Address Book outAddress sql injection
Description
A vulnerability was found in aaluoxiang oa_system up to c3a08168c144f27256a90838492c713f55f1b207 and classified as critical. This issue affects the function outAddress of the component External Address Book Handler. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Eine kritische Schwachstelle wurde in aaluoxiang oa_system bis c3a08168c144f27256a90838492c713f55f1b207 gefunden. Dies betrifft die Funktion outAddress der Komponente External Address Book Handler. Durch Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verfügbar.
Classification
CVE ID: CVE-2025-6829
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products
Vendor: aaluoxiang
Product: oa_system
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 6.54% (scored less or equal to compared to others)
EPSS Date: 2025-07-05 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-6829https://vuldb.com/?id.314267
https://vuldb.com/?ctiid.314267
https://vuldb.com/?submit.603033
https://github.com/chujianxin0101/vuln/issues/5