CVE-2023-6276 | Tongda OA 2017 up to 11.9 delete.php PROJ_ID_STR sql injection

Posted by Angelo Barbosa | Nov 24, 2023 | CVE

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection.This vulnerability is uniquely identified as CVE-2023-6276. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2023-6276 | Tongda OA 2017 up to 11.9 delete.php PROJ_ID_STR sql injection

Related Posts

CVE-2024-0945 | 60IndexPage up to 1.8.5 Parameter /include/file.php url server-side request forgery

CVE-2024-4648 | Campcodes Complete Web-Based School Management System 1.0 student_exam_mark_update_form.php std_index cross site scripting

CVE-2023-39251 | Dell CPG BIOS memory corruption (dsa-2023-342)

CVE-2023-49253 | Hongdian H8951-4G-ESP prior 2310271149 User Interface hard-coded credentials