CVE-2023-4166

Name of the Vulnerable Software and Affected Versions Tongda OA versions prior to 11.10

Description A critical vulnerability has been found in Tongda OA, affecting the file general/system/seal manage/dianju/delete log.php. The manipulation of the DELETE STR argument leads to sql injection. The exploit has been disclosed to the public and may be used.

Recommendations For versions prior to 11.10, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting the manipulation of the DELETE STR argument in the affected file until the upgrade is applied.