CVE-2023-5023: Tongda OA delete.php sql injection
First published: Sun Sep 17 2023(Updated: )
A vulnerability was found in Tongda OA 2017 and classified as critical. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_relatives/delete.php. The manipulation of the argument RELATIVES_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239864.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tongda2000 Tongda Oa | =2017 | |
| =2017 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-5023?
The severity of CVE-2023-5023 is high.
How does CVE-2023-5023 affect Tongda OA 2017?
CVE-2023-5023 affects Tongda OA 2017 through a SQL injection vulnerability in the file general/hr/manage/staff_relatives/delete.php.
What is the CWE classification of CVE-2023-5023?
CVE-2023-5023 is classified as CWE-89, which is a vulnerability related to SQL injection.
Is there a known exploit for CVE-2023-5023?
Yes, a public exploit for CVE-2023-5023 has been disclosed.
Where can I find more information about CVE-2023-5023?
You can find more information about CVE-2023-5023 at the following references: [1] [2] [3].
- collector/nvd-index
- agent/author
- agent/type
- agent/references
- agent/weakness
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/tongda2000
- canonical/tongda2000 tongda oa
- version/tongda2000 tongda oa/2017