A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection.
This vulnerability is traded as CVE-2024-1251. The attack needs to be done within the local network. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.