CVE-2023-7020

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 versions up to 11.9

Description A critical issue affects the processing of the file general/wiki/cp/ct/view.php. The manipulation of the TEMP ID argument leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Tongda OA 2017 versions up to 11.9, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the view.php file in the general/wiki/cp/ct directory until the upgrade is applied. Avoid using the TEMP ID argument in the affected file until the issue is resolved.