CVE-2024-10601

Name of the Vulnerable Software and Affected Versions Tongda OA versions 2017 up to 11.10

Description A critical issue has been found in Tongda OA, affecting an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the where repeat argument leads to SQL injection. The attack can be launched remotely.

Recommendations For Tongda OA versions 2017 up to 11.10, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the /general/address/private/address/query/delete.php file until a patch is available. Avoid using the where repeat argument in the affected file until the issue is resolved.