The vulnerability of the delete.php script (located at general/hr/manage/staff_title_evaluation/delete.php) within the Tongda OA automation tool for business processes, which allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

🗓️ 03 Oct 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

SQL injection flaw in Tongda automation tool delete.php via the EVALUATION_ID parameter risks data confidentiality, integrity, and availability.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-5261	29 Sep 202316:37	–	circl
CNNVD	Tongda OA SQL Injection Vulnerability	29 Sep 202300:00	–	cnnvd
CVE	CVE-2023-5261	29 Sep 202312:00	–	cve
Cvelist	CVE-2023-5261 Tongda OA 2017 delete.php sql injection	29 Sep 202312:00	–	cvelist
EUVD	EUVD-2023-57585	3 Oct 202520:07	–	euvd
NVD	CVE-2023-5261	29 Sep 202312:15	–	nvd
Prion	Sql injection	29 Sep 202312:15	–	prion
Positive Technologies	PT-2023-5589 · Tongda · Tongda Oa 2017	29 Sep 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-5261	23 May 202504:31	–	redhatcve
Vulnrichment	CVE-2023-5261 Tongda OA 2017 delete.php sql injection	29 Sep 202312:00	–	vulnrichment

Vulners

Node

tongda_xinke_technology_co.,tongda_oaMatch2017

OR

tongda_xinke_technology_co.,tongda_oaMatch11.10

Source	Link
tongda2000	www.tongda2000.com/
vuldb	www.vuldb.com/
tongda2000	www.tongda2000.com/oa/MYOA2022/
github	www.github.com/csbsong/bug_report/blob/main/sql2.md
web	www.web.nvd.nist.gov/view/vuln/detail

03 Oct 2023 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 39.8

CVSS 210

EPSS0.0011

Tongda automation tool delete script flaw staff title evaluation evaluation id parameter database injection vulnerability data confidentiality data integrity data availability