Browse all 4 CVE security advisories affecting aaluoxiang. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Aaluoxiang is a Chinese e-commerce platform facilitating online marketplace transactions for third-party sellers. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, often stemming from improper input validation and access control weaknesses. The platform has faced scrutiny for security lapses, including incidents where user data exposure occurred due to insecure API implementations and insufficient encryption practices. Its vulnerability profile reflects common challenges in large-scale web applications handling sensitive financial and personal information, with multiple CVEs documenting these recurring security shortcomings over time.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-6829 | aaluoxiang oa_system External Address Book outAddress sql injection — oa_systemCWE-89 | 6.3 | Medium | 2025-06-28 |
| CVE-2025-5545 | aaluoxiang oa_system ProcedureController.java image path traversal — oa_systemCWE-22 | 4.3 | Medium | 2025-06-03 |
| CVE-2025-5544 | aaluoxiang oa_system UserpanelController.java image path traversal — oa_systemCWE-22 | 4.3 | Medium | 2025-06-03 |
| CVE-2025-1958 | aaluoxiang oa_system address-mapper.xml sql injection — oa_systemCWE-89 | 6.3 | Medium | 2025-03-04 |
This page lists every published CVE security advisory associated with aaluoxiang. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.