CVE-2023-5783

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 versions up to 11.9

Description A critical issue has been found in an unknown functionality of the file general/system/approve center/flow sort/flow/delete.php. The manipulation of the id/sort parent argument leads to sql injection. The attack can be launched remotely.

Recommendations For Tongda OA 2017 versions up to 11.9, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the vulnerable file general/system/approve center/flow sort/flow/delete.php until a patch is available.