PT-2022-17268 · Unknown · Tongda2000
Published
2022-02-23
·
Updated
2022-03-03
·
CVE-2022-25405
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tongda2000 version 11.10
Description
A SQL injection issue was found in change box.php via the
DELETE STR parameter. This allows for potential manipulation of database queries.Recommendations
For Tongda2000 version 11.10, consider restricting access to the change box.php file or the
DELETE STR parameter to minimize the risk of exploitation until a patch is available. Avoid using the DELETE STR parameter in the affected API endpoint until the issue is resolved.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tongda2000