CVE-2023-5265

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 versions prior to 11.10

Description A critical issue has been found in Tongda OA 2017, affecting some unknown functionality of the file general/hr/manage/staff transfer/delete.php. The manipulation of the TRANSFER ID argument leads to sql injection. The exploit has been disclosed to the public and may be used.

Recommendations For Tongda OA 2017 versions prior to 11.10, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the general/hr/manage/staff transfer/delete.php file until the upgrade is applied. Avoid using the TRANSFER ID argument in the affected file until the issue is resolved.