CVE-2024-10732

Name of the Vulnerable Software and Affected Versions Tongda OA 2017 up to 11.10

Description A critical issue has been found in Tongda OA, affecting an unknown functionality of the file /module/word model/view/index.php. The manipulation of the query str argument leads to SQL injection. The attack can be launched remotely.

Recommendations For Tongda OA 2017 up to 11.10, consider disabling access to the /module/word model/view/index.php file or restricting the use of the query str argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.