CVE-2024-4903 | Tongda OA 2017 delete.php M_ID_STR sql injection

Inserito da Angelo Barbosa | Mag 15, 2024 | CVE

A vulnerability was found in Tongda OA 2017. It has been declared as critical. This vulnerability affects unknown code of the file /general/meeting/manage/delete.php. The manipulation of the argument M_ID_STR leads to sql injection.

This vulnerability was named CVE-2024-4903. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4903 | Tongda OA 2017 delete.php M_ID_STR sql injection

Post correlati

CVE-2024-4818 | Campcodes Online Laundry Management System 1.0 /index.php page file inclusion

CVE-2024-40945 | Linux Kernel up to 5.4.278/5.10.220/5.15.161/6.6.34/6.9.5 iommu_sva_bind_device null pointer dereference

CVE-2024-4106 | Yokogawa Electric FAST TOOLS/CI Server empty password in configuration file

CVE-2024-25027 | IBM Security Verify Access Docker 10.0.6 Snapshot missing encryption (XFDB-281607)