CVE-2024-10658

Summary

A vulnerability classified as critical was found in Tongda OA up to 11.10. Affected by this vulnerability is an unknown functionality of the file /pda/approve_center/check_seal.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
TongdaOA11.0affected
TongdaOA11.1affected
TongdaOA11.2affected
TongdaOA11.3affected
TongdaOA11.4affected
TongdaOA11.5affected
TongdaOA11.6affected
TongdaOA11.7affected
TongdaOA11.8affected
TongdaOA11.9affected
TongdaOA11.10affected

Weaknesses

  • CWE-89: SQL Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References