CVE-2023-6611

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 versions up to 11.9

Description A critical issue affects the file pda/pad/email/delete.php, where the manipulation of the EMAIL ID argument leads to sql injection. The exploit has been disclosed to the public. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For Tongda OA 2017 versions up to 11.9, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the delete.php file in the pda/pad/email directory until the upgrade is applied. Avoid using the EMAIL ID argument in the affected endpoint until the issue is resolved.