PT-2024-16493 · Tongda Oa · Tongda Oa

Lvzc2 · Published 2024-11-02 · Updated 2024-11-04 · CVE-2024-10730

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.6

Description: A critical issue has been found in Tongda OA, affecting unknown processing in the file /pda/appcenter/web show.php. Manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely.

Recommendations: For Tongda OA versions up to 11.6, patch immediately to prevent exploitation and check for signs of compromise. As a temporary workaround, consider restricting access to the file /pda/appcenter/web show.php to minimize the risk of exploitation. Avoid using the argument ID in the affected file until the issue is resolved.

Exploit

Fix

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2024-10730

Affected Products: Tongda Oa