CVE-2024-10615

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 versions up to 11.10

Description A critical issue affects some unknown functionality of the file /general/approve center/query/list/input form/delete data attach.php. The manipulation of the RUN ID argument leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Tongda OA 2017 versions up to 11.10, restrict access to the vulnerable file /general/approve center/query/list/input form/delete data attach.php to minimize the risk of exploitation. As a temporary workaround, consider restricting the use of the RUN ID parameter in the affected file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.