CVE-2023-5261

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 versions prior to 11.10

Description A critical issue was found in Tongda OA 2017, affecting an unknown function of the file general/hr/manage/staff title evaluation/delete.php. The manipulation of the EVALUATION ID argument leads to SQL injection. This issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Tongda OA 2017 versions prior to 11.10, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the delete.php file in the general/hr/manage/staff title evaluation directory to minimize the risk of exploitation. Avoid using the EVALUATION ID parameter in the affected file until the issue is resolved.