CVE-2023-5019: Tongda OA delete.php sql injection
First published: Sun Sep 17 2023(Updated: )
A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staff_reinstatement/delete.php. The manipulation of the argument REINSTATEMENT_ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-239860.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tongda2000 Tongda Oa | <11.10 | |
| <11.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-5019?
The severity of CVE-2023-5019 is critical with a CVSS score of 9.8.
How does CVE-2023-5019 affect Tongda OA?
CVE-2023-5019 affects Tongda OA version up to 11.10.
What is the impact of CVE-2023-5019?
CVE-2023-5019 allows remote attackers to initiate SQL injection attacks by manipulating the REINSTATEMENT_ID argument.
Is there a known exploit for CVE-2023-5019?
Yes, there is a known exploit for CVE-2023-5019.
How can I fix CVE-2023-5019?
To fix CVE-2023-5019, apply the latest security patches or updates provided by the vendor.
- collector/nvd-index
- agent/author
- agent/type
- agent/references
- agent/weakness
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/tongda2000
- canonical/tongda2000 tongda oa