CVE-2024-10618

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 up to 11.10

Description A critical issue has been found in Tongda OA, affecting some unknown processing of the file /pda/reportshop/record detail.php. The manipulation of the repid argument leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Tongda OA 2017 up to 11.10, as a temporary workaround, consider restricting access to the /pda/reportshop/record detail.php file until a patch is available. Avoid using the repid argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.