CVE-2025-6829 MEDIUM

CVE-2025-6829: aaluoxiang oa_system External Address Book outAddress sql injection

Vendor Aaluoxiang
Product oa_system
Weakness CWE-89 · SQLi
Published June 28, 2025
Last update June 30, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability was found in aaluoxiang oa_system up to c3a08168c144f27256a90838492c713f55f1b207 and classified as critical. This issue affects the function outAddress of the component External Address Book Handler. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Key dates

02Disclosure timeline

June 28, 2025 CVE published
June 30, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-3466 SourceCodester Laundry Management System Pengeluaran.php laporan_filter sql injection CVE-2025-4696 PHPGurukul/Campcodes Cyber Cafe Management System search.php sql injection CVE-2024-13491 Small Package Quotes – For Customers of FedEx <= 4.3.1 - Unauthenticated SQL Injection CVE-2023-3023 WP EasyCart <= 5.4.10 - Authenticated (Administrator+) SQL Injection via 'orderby' CVE-2025-9837 itsourcecode Student Information Management System index.php sql injection