PT-2024-15923 · Tongda · Tongda Oa 2017

Yu1E

Published

2024-01-26

Updated

2025-03-19

CVE-2024-0938

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 versions up to 11.9

Description A critical issue was found in Tongda OA 2017, affecting an unknown part of the file /general/email/inbox/delete webmail.php. The manipulation of the WEBBODY ID STR argument leads to sql injection.

Recommendations For Tongda OA 2017 versions up to 11.9, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the /general/email/inbox/delete webmail.php file until the upgrade is applied. Avoid using the WEBBODY ID STR argument in the affected file until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-0938

Affected Products

Tongda Oa 2017

PT-2024-15923 · Tongda · Tongda Oa 2017

CVE-2024-0938

Weakness Enumeration

Related Identifiers

Affected Products

References · 8