exploitDog

GHSA-qrv6-2jvp-jrwq

Опубликовано: 29 авг. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java

SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java

Ссылки

EPSS

Процентиль: 59%

0.00385

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2025-44033

CVSS3: 9.8

nvd

5 месяцев назад

SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java

EPSS

Процентиль: 59%

0.00385

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89