PT-2024-16397 · Tongda Oa · Tongda Oa

Lvzc1 · Published 2024-10-31 · Updated 2024-11-04 · CVE-2024-10600

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions up to 11.6

Description: A critical issue was found in Tongda OA, affecting an unknown function of the file pda/appcenter/submenu.php. Manipulation of the appid argument leads to SQL injection. The attack can be launched remotely.

Recommendations: For Tongda OA 2017 versions up to 11.6, update to the latest patched version immediately to mitigate risks. As a temporary workaround, consider restricting access to the submenu.php file in the pda/appcenter directory until a patch is available. Avoid using the appid argument in the affected function until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-10600

Affected Products: Tongda Oa