First published: Sat Dec 30 2023
A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. It affects an unknown functionality of the file general/project/proj/delete.php. Manipulation of the argument PROJ_ID_STR leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 addresses this issue, and upgrading the affected component is recommended. The associated identifier of this vulnerability is VDB-249367. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tongda OA | <11.10 | Upgrade to 11.10 |
CVE-2023-7180 is classified as critical due to its potential impact on data integrity and confidentiality.
To mitigate CVE-2023-7180, update to Tongda OA version 11.10 or later to eliminate the vulnerability.
CVE-2023-7180 is an SQL injection vulnerability that affects the delete.php file in Tongda OA.
CVE-2023-7180 affects Tongda OA 2017 versions up to 11.9.
Attackers can exploit CVE-2023-7180 by manipulating the PROJ_ID_STR argument to execute unauthorized SQL commands.