PT-2023-32838 · Tongda Oa · Tongda Oa

Zhuchangxing · Published 2023-12-20 · Updated 2024-05-17 · CVE-2023-7021

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions up to 11.9

Description: A critical issue has been found in the software, affecting an unknown function of the file general/vehicle/checkup/delete_search.php. Manipulation of the VU_ID argument leads to SQL injection, and the attack can be carried out remotely. The issue has been publicly disclosed and may be exploited.

Recommendations: For Tongda OA 2017 versions up to 11.9, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the delete_search.php file until the upgrade is applied.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2023-7021

Affected Products: Tongda Oa