CVE-2023-5781: Tongda OA 2017 delete_webmail.php DELETE_STR sql injection
First published: Thu Oct 26 2023(Updated: )
A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <11.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-5781?
CVE-2023-5781 is a critical vulnerability found in Tongda OA 2017 11.10, which allows for remote SQL injection through the DELETE_STR function in the delete_webmail.php file.
How severe is CVE-2023-5781?
CVE-2023-5781 has a severity score of 9.8, indicating it is critical.
What is the affected software version?
The affected software version is Tongda OA 2017 11.10.
What is the CWE ID of CVE-2023-5781?
The CWE ID of CVE-2023-5781 is 89, which refers to Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').
How can I fix CVE-2023-5781?
To fix CVE-2023-5781, it is recommended to apply the latest security patches provided by the vendor or upgrade to a patched version of Tongda OA 2017.
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/title
- agent/author
- collector/epss-latest
- source/FIRST
- agent/description
- agent/epss
- agent/softwarecombine
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/tongda2000