PT-2023-32322 · Tongda Oa · Tongda Oa

Akina

Publicado

2023-10-26

Atualizado

2024-05-17

CVE-2023-5783

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 versions up to 11.9

Description A critical issue has been found in an unknown functionality of the file general/system/approve center/flow sort/flow/delete.php. The manipulation of the id/sort parent argument leads to sql injection. The attack can be launched remotely.

Recommendations For Tongda OA 2017 versions up to 11.9, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the vulnerable file general/system/approve center/flow sort/flow/delete.php until a patch is available.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-5783

Produtos afetados

Tongda Oa

PT-2023-32322 · Tongda Oa · Tongda Oa

CVE-2023-5783

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8