CVE-2024-1252 | Tongda OA 2017 up to 11.9 delete.php ASK_DUTY_ID sql injection

Inserito da Angelo Barbosa | Feb 6, 2024 | CVE

A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql injection.

This vulnerability is known as CVE-2024-1252. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2024-1252 | Tongda OA 2017 up to 11.9 delete.php ASK_DUTY_ID sql injection

Post correlati

CVE-2024-21448 | Microsoft Teams on Android information disclosure

CVE-2024-8075 | TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 setDiagnosisCfg os command injection

CVE-2023-52146 | Aaron J 404 Solution Plugin up to 2.33.0 on WordPress information disclosure

CVE-2024-2394 | SourceCodester Employee Management System 1.0 /Admin/add-admin.php avatar unrestricted upload