CVE-2024-10657

Summary

A vulnerability classified as critical has been found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/approve_center/prcs_info.php. The manipulation of the argument RUN_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
TongdaOA11.0affected
TongdaOA11.1affected
TongdaOA11.2affected
TongdaOA11.3affected
TongdaOA11.4affected
TongdaOA11.5affected
TongdaOA11.6affected
TongdaOA11.7affected
TongdaOA11.8affected
TongdaOA11.9affected
TongdaOA11.10affected

Weaknesses

  • CWE-89: SQL Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References