Aaluoxiang

**Name of the Vulnerable Software and Affected Versions** aaluoxiang oa system versions up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5 **Description** A vulnerability was found in the `image` function of the `UserpanelController.java` file, which can lead to path traversal. The attack may be launched remotely. The issue has been rated as problematic. **Recommendations** For versions up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5, as a temporary workaround, consider restricting access to the `image` function of the `UserpanelController.java` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aaluoxiang oa system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5 **Description** A problematic vulnerability has been found in aaluoxiang oa system, affecting the `image` function of the file `src/main/java/cn/gson/oasys/controller/process/ProcedureController.java`. This vulnerability leads to path traversal and can be initiated remotely. The exploit has been disclosed publicly. **Recommendations** As a temporary workaround, consider restricting access to the `image` function in the `ProcedureController.java` file until a fix is available. Avoid using the vulnerable `image` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.