PT-2024-16433 · Tongda Oa · Tongda Oa

Lvzc2 · Published 2024-11-01 · Updated 2024-11-05 · CVE-2024-10655

CVSS v3.1 · 9.8 · Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tongda OA versions 2017 up to 11.9

Description

A critical issue has been identified, affecting unknown code in the file /pda/reportshop/new.php. The manipulation of the repid argument leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used.

Recommendations

For Tongda OA versions 2017 up to 11.9, patch immediately to prevent remote exploitation. If patching is delayed, prioritize mitigations. As a temporary workaround, consider restricting access to the /pda/reportshop/new.php file and avoiding the use of the repid argument until a patch is available.
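
While the workaround is in place, existing web access logs can show who has been reaching the affected file. The following is an added example, not part of the original advisory or any vendor tooling: a log triage script that finds requests to /pda/reportshop/new.php and inspects the repid parameter. It assumes the common/combined access log layout, case-insensitive path matching, and that repid is normally a numeric ID; the sample lines are constructed.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import parse_qs, unquote

# Path and parameter named in the advisory.
VULN_PATH = "/pda/reportshop/new.php"
PARAM = "repid"

# Assumption: common/combined access log layout.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def normalize_path(raw_path):
    """Decode and canonicalize a path so //, /./ and %-encoded variants match."""
    path = unquote(raw_path).replace("\\", "/")
    # Lowercasing assumes the server resolves paths case-insensitively.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def triage(lines):
    """Return one finding per request that reaches the affected file."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        raw_path, _, raw_query = m["target"].partition("?")
        if normalize_path(raw_path) != VULN_PATH:
            continue
        values = parse_qs(raw_query, keep_blank_values=True).get(PARAM, [])
        # Heuristic (assumption): repid is a numeric ID, so flag anything else.
        findings.append({"ip": m["ip"], "method": m["method"],
                         "status": int(m["status"]), "has_repid": bool(values),
                         "non_numeric": any(not v.isdigit() for v in values)})
    return findings

def hits_by_source(findings):
    return Counter(f["ip"] for f in findings)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Nov/2024:10:00:01 +0000] "GET /pda/reportshop/new.php?repid=12 HTTP/1.1" 200 512',
    '203.0.113.10 - - [01/Nov/2024:10:00:05 +0000] "GET /PDA//reportshop/./new.php?repid=1%27 HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Nov/2024:10:02:11 +0000] "POST /pda/reportshop/new.php HTTP/1.1" 200 301',
    '198.51.100.7 - - [01/Nov/2024:10:02:15 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so a POST to the file shows up with `has_repid` false and needs review through request-body logging or WAF records instead.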

Exploit · Fix · SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-10655

Affected Products

Tongda Oa