Wxybboy8340

**Name of the Vulnerable Software and Affected Versions** Tongda OA 2017 version 11.10 **Description** A critical issue has been found in Tongda OA, affecting the function `DELETE STR` of the file `general/system/res manage/monitor/delete webmail.php`. This issue leads to SQL injection and can be initiated remotely. The exploit has been disclosed to the public. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Tongda OA 2017 version 11.10, as a temporary workaround, consider disabling the `DELETE STR` function until a patch is available. Restrict access to the `delete webmail.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.