📦 Oa System

This SQL injection vulnerability in oa_system oasys v1.1 allows remote attackers to execute arbitrary SQL commands via the allDirector() method. Attackers can potentially read, modify, or delete datab...

This SQL injection vulnerability in oa_system oasys v1.1 allows remote attackers to execute arbitrary SQL commands via the alph parameters in the AddrController. This could lead to data theft, data ma...

This CVE describes a path traversal vulnerability in the aaluoxiang oa_system that allows attackers to read arbitrary files on the server. The vulnerability exists in the image function of UserpanelCo...

This critical SQL injection vulnerability in aaluoxiang oa_system 1.0 allows remote attackers to execute arbitrary SQL commands via the 'outtype' parameter in address-mapper.xml. Attackers can potenti...