CVE-2023-4165

Name of the Vulnerable Software and Affected Versions Tongda OA versions prior to 11.10

Description A critical issue was found in Tongda OA, affecting the file general/system/seal manage/iweboffice/delete seal.php. The manipulation of the DELETE STR argument leads to sql injection. The issue has been publicly disclosed and may be exploited.

Recommendations For versions prior to 11.10, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the delete seal.php file until the upgrade is applied.