CVE-2024-10616

Summary

A vulnerability classified as critical has been found in Tongda OA up to 11.9. This affects an unknown part of the file /pda/workflow/webSignSubmit.php. The manipulation of the argument saleId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
TongdaOA11.2affected
TongdaOA11.3affected
TongdaOA11.4affected
TongdaOA11.5affected
TongdaOA11.6affected
TongdaOA11.7affected
TongdaOA11.8affected
TongdaOA11.9affected

Weaknesses

  • CWE-89: SQL Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References