CVE-2023-5497

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 version 11.10

Description A critical issue has been found in the software. It affects an unknown function of the file general/hr/salary/welfare manage/delete.php. The manipulation of the WELFARE ID argument leads to sql injection. This issue can be exploited remotely.

Recommendations For Tongda OA 2017 version 11.10, consider restricting access to the vulnerable file general/hr/salary/welfare manage/delete.php until a patch is available. As a temporary workaround, avoid using the WELFARE ID argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.