PT-2024-17638 · Unknown · Tongda OA 2017

B51S77 · Published 2024-02-06 · Updated 2024-05-17 · CVE-2024-1252

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions up to 11.9

Description: A critical vulnerability was found in Tongda OA 2017. The issue affects an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the ASK_DUTY_ID argument leads to SQL injection.

Recommendations: For Tongda OA 2017 versions up to 11.9, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the /general/attendance/manage/ask_duty/delete.php file until the upgrade is applied. Avoid using the ASK_DUTY_ID argument in the affected file until the issue is resolved.

Exploit · Fix · SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-1252

Affected Products: Tongda OA 2017