CVE-2023-6052

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 up to 11.9

Description A critical vulnerability has been found in Tongda OA, related to the file general/system/censor words/module/delete.php. The issue is due to the lack of protection against SQL injection when handling the DELETE STR parameter. This allows an attacker to execute arbitrary SQL queries. The exploit has been disclosed publicly.

Recommendations For Tongda OA 2017 up to 11.9, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the delete.php file or the DELETE STR parameter to minimize the risk of exploitation.