Tongda OA 2017 delete.php sql injection
CVE-2023-6611

7.5HIGH

Key Information:

Vendor

Tongda

Status
OA 2017
Vendor
CVE Published:
8 December 2023

What is CVE-2023-6611?

A SQL injection vulnerability has been identified in Tongda OA 2017, specifically within the email deletion functionality located at pda/pad/email/delete.php. By manipulating the EMAIL_ID parameter, an attacker could execute unauthorized SQL commands, potentially compromising the integrity of the database. The issue was publicly disclosed, highlighting the urgency for users to upgrade to version 11.10 to mitigate potential exploitation. It is crucial for administrators to implement the recommended updates to ensure their systems remain secure against this vulnerability. The vendor, Tongda Technology, did not provide feedback after being contacted regarding this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OA 2017 11.0

OA 2017 11.1

OA 2017 11.2

References

https://vuldb.com/?id.247246
vdb-entrytechnical-description
https://vuldb.com/?ctiid.247246
signaturepermissions-required
https://github.com/13223355/cve/blob/main/sql.md
exploit

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

sasav587 (VulDB User)
JSON
.