CVE-2023-5023

Name of the Vulnerable Software and Affected Versions Tongda OA version 2017

Description A critical issue was found in Tongda OA, affecting some unknown functionality of the file general/hr/manage/staff relatives/delete.php. The manipulation of the RELATIVES ID argument leads to SQL injection.

Recommendations For Tongda OA version 2017, consider restricting access to the vulnerable file general/hr/manage/staff relatives/delete.php to minimize the risk of exploitation. As a temporary workaround, avoid using the RELATIVES ID argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.