8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
5.2 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
19.7%
A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLAN_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239872.
Vendor | Product | Version | CPE |
---|---|---|---|
tongda2000 | tongda_office_anywhere | 11.0 | cpe:2.3:a:tongda2000:tongda_office_anywhere:11.0:*:*:*:*:*:*:* |
tongda2000 | tongda_office_anywhere | 11.1 | cpe:2.3:a:tongda2000:tongda_office_anywhere:11.1:*:*:*:*:*:*:* |
tongda2000 | tongda_office_anywhere | 11.2 | cpe:2.3:a:tongda2000:tongda_office_anywhere:11.2:*:*:*:*:*:*:* |
tongda2000 | tongda_office_anywhere | 11.3 | cpe:2.3:a:tongda2000:tongda_office_anywhere:11.3:*:*:*:*:*:*:* |
tongda2000 | tongda_office_anywhere | 11.4 | cpe:2.3:a:tongda2000:tongda_office_anywhere:11.4:*:*:*:*:*:*:* |
tongda2000 | tongda_office_anywhere | 11.5 | cpe:2.3:a:tongda2000:tongda_office_anywhere:11.5:*:*:*:*:*:*:* |
tongda2000 | tongda_office_anywhere | 11.6 | cpe:2.3:a:tongda2000:tongda_office_anywhere:11.6:*:*:*:*:*:*:* |
tongda2000 | tongda_office_anywhere | 11.7 | cpe:2.3:a:tongda2000:tongda_office_anywhere:11.7:*:*:*:*:*:*:* |
tongda2000 | tongda_office_anywhere | 11.8 | cpe:2.3:a:tongda2000:tongda_office_anywhere:11.8:*:*:*:*:*:*:* |
tongda2000 | tongda_office_anywhere | 11.9 | cpe:2.3:a:tongda2000:tongda_office_anywhere:11.9:*:*:*:*:*:*:* |
[
{
"vendor": "Tongda",
"product": "OA",
"versions": [
{
"version": "11.0",
"status": "affected"
},
{
"version": "11.1",
"status": "affected"
},
{
"version": "11.2",
"status": "affected"
},
{
"version": "11.3",
"status": "affected"
},
{
"version": "11.4",
"status": "affected"
},
{
"version": "11.5",
"status": "affected"
},
{
"version": "11.6",
"status": "affected"
},
{
"version": "11.7",
"status": "affected"
},
{
"version": "11.8",
"status": "affected"
},
{
"version": "11.9",
"status": "affected"
},
{
"version": "11.10",
"status": "affected"
}
]
}
]
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
5.2 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
19.7%