CVE-2024-10602

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 up to 11.9

Description A critical issue affects some unknown functionality of the file /general/approve center/list/input form/data picker link.php. The manipulation of the dataSrc argument leads to sql injection. The attack may be launched remotely.

Recommendations For Tongda OA 2017 up to 11.9, update to the latest patched version to mitigate risks. As a temporary workaround, consider restricting access to the vulnerable file /general/approve center/list/input form/data picker link.php until a patch is available. Avoid using the dataSrc argument in the affected functionality until the issue is resolved.