CVE-2023-5030

Name of the Vulnerable Software and Affected Versions Tongda OA versions up to 11.10

Description A critical issue has been found, affecting the file general/hr/recruit/plan/delete.php. The manipulation of the PLAN ID argument leads to sql injection.

Recommendations For versions up to 11.10, consider restricting access to the delete.php file in the general/hr/recruit/plan directory to minimize the risk of exploitation. Avoid using the PLAN ID argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.