CVE-2023-6276: Tongda OA 2017 delete.php sql injection
First published: Fri Nov 24 2023(Updated: )
A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <11.10 | ||
| =2017 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-6276.
What is the severity of CVE-2023-6276?
The severity of CVE-2023-6276 is high with a CVSS score of 7.5.
How does CVE-2023-6276 affect Tongda OA 2017?
CVE-2023-6276 affects Tongda OA 2017 up to version 11.9.
What is the CWE ID associated with CVE-2023-6276?
The CWE ID associated with CVE-2023-6276 is CWE-89.
Is there a fix available for CVE-2023-6276?
Currently, there is no known fix available for CVE-2023-6276. It is recommended to follow the vendor's security advisories for updates and patches.
- agent/type
- agent/first-publish-date
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/tongda2000
- canonical/tongda2000 tongda office anywhere
- version/tongda2000 tongda office anywhere/2017