CVE-2023-5298

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 versions prior to 11.10

Description A critical issue affects some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the REQUIREMENTS ID argument leads to sql injection. The exploit has been disclosed to the public and may be used.

Recommendations For Tongda OA 2017 versions prior to 11.10, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the vulnerable file general/hr/recruit/requirements/delete.php until the upgrade is applied. Avoid using the REQUIREMENTS ID argument in the affected functionality until the issue is resolved.