Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29592 | 1 Aaluoxiang | 1 Oasys | 2025-09-22 | N/A | 5.6 MEDIUM |
| oasys v1.1 is vulnerable to Directory Traversal in ProcedureController. | |||||
| CVE-2025-44034 | 1 Aaluoxiang | 1 Oasys | 2025-09-20 | N/A | 8.0 HIGH |
| SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController | |||||
| CVE-2025-44033 | 1 Aaluoxiang | 1 Oasys | 2025-09-09 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java | |||||