CVE-2023-6052

🗓️ 09 Nov 2023 12:37:56Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 43 Views🌐 WEB

Critical SQL injection vulnerability in Tongda OA 2017 up to 11.9

Reporter	Title	Published	Views	Family All 8
CNNVD	Tongda OA 2017 Security Breach	9 Nov 202300:00	–	cnnvd
Cvelist	CVE-2023-6052 Tongda OA 2017 delete.php sql injection	9 Nov 202312:37	–	cvelist
EUVD	EUVD-2023-58309	3 Oct 202520:07	–	euvd
NVD	CVE-2023-6052	9 Nov 202313:15	–	nvd
Prion	Sql injection	9 Nov 202313:15	–	prion
Positive Technologies	PT-2023-7016 · Tongda Oa · Tongda Oa	9 Nov 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-6052	23 May 202502:04	–	redhatcve
Vulnrichment	CVE-2023-6052 Tongda OA 2017 delete.php sql injection	9 Nov 202312:37	–	vulnrichment

NVD

Vulners

Node

tongda2000 tongda_office_anywhereRange<11.10

[
  {
    "vendor": "Tongda",
    "product": "OA 2017",
    "versions": [
      {
        "version": "11.0",
        "status": "affected"
      },
      {
        "version": "11.1",
        "status": "affected"
      },
      {
        "version": "11.2",
        "status": "affected"
      },
      {
        "version": "11.3",
        "status": "affected"
      },
      {
        "version": "11.4",
        "status": "affected"
      },
      {
        "version": "11.5",
        "status": "affected"
      },
      {
        "version": "11.6",
        "status": "affected"
      },
      {
        "version": "11.7",
        "status": "affected"
      },
      {
        "version": "11.8",
        "status": "affected"
      },
      {
        "version": "11.9",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/kenankkkkk/cve/blob/main/sql.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
DELETE_STR	query param	general/system/censor_words/module/delete.php	SQL injection via DELETE_STR parameter in delete.php leading to unauthorized SQL execution.	CWE-89

21 Nov 2024 08:43Current

7.3High risk

Vulners AI Score7.3

CVSS 3.16.3 - 9.8

CVSS 25.8

CVSS 36.3

EPSS0.00178

SSVC

CWE-89