Lucene search

[email protected]CVE-2023-6607

HistoryDec 08, 2023 - 2:15 p.m.

CVE-2023-6607

2023-12-0814:15:07

CWE-89

[email protected]

web.nvd.nist.gov

tongda oa

2017

11.10

critical

sql injection

cve-2023-6607

vdb-247243

nvd

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

5.2 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

44.9%

JSON

A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected configurations

Vulners

NVD

Node

tongda2000office_anywhere_2017Match11.0

tongda2000office_anywhere_2017Match11.1

tongda2000office_anywhere_2017Match11.2

tongda2000office_anywhere_2017Match11.3

tongda2000office_anywhere_2017Match11.4

tongda2000office_anywhere_2017Match11.5

tongda2000office_anywhere_2017Match11.6

tongda2000office_anywhere_2017Match11.7

tongda2000office_anywhere_2017Match11.8

tongda2000office_anywhere_2017Match11.9

tongda2000office_anywhere_2017Match11.10

VendorProductVersionCPE
tongda2000office_anywhere_201711.0cpe:2.3:a:tongda2000:office_anywhere_2017:11.0:*:*:*:*:*:*:*
tongda2000office_anywhere_201711.1cpe:2.3:a:tongda2000:office_anywhere_2017:11.1:*:*:*:*:*:*:*
tongda2000office_anywhere_201711.2cpe:2.3:a:tongda2000:office_anywhere_2017:11.2:*:*:*:*:*:*:*
tongda2000office_anywhere_201711.3cpe:2.3:a:tongda2000:office_anywhere_2017:11.3:*:*:*:*:*:*:*
tongda2000office_anywhere_201711.4cpe:2.3:a:tongda2000:office_anywhere_2017:11.4:*:*:*:*:*:*:*
tongda2000office_anywhere_201711.5cpe:2.3:a:tongda2000:office_anywhere_2017:11.5:*:*:*:*:*:*:*
tongda2000office_anywhere_201711.6cpe:2.3:a:tongda2000:office_anywhere_2017:11.6:*:*:*:*:*:*:*
tongda2000office_anywhere_201711.7cpe:2.3:a:tongda2000:office_anywhere_2017:11.7:*:*:*:*:*:*:*
tongda2000office_anywhere_201711.8cpe:2.3:a:tongda2000:office_anywhere_2017:11.8:*:*:*:*:*:*:*
tongda2000office_anywhere_201711.9cpe:2.3:a:tongda2000:office_anywhere_2017:11.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tongda2000	office_anywhere_2017	11.0	cpe:2.3:a:tongda2000:office_anywhere_2017:11.0:::::::*
tongda2000	office_anywhere_2017	11.1	cpe:2.3:a:tongda2000:office_anywhere_2017:11.1:::::::*
tongda2000	office_anywhere_2017	11.2	cpe:2.3:a:tongda2000:office_anywhere_2017:11.2:::::::*
tongda2000	office_anywhere_2017	11.3	cpe:2.3:a:tongda2000:office_anywhere_2017:11.3:::::::*
tongda2000	office_anywhere_2017	11.4	cpe:2.3:a:tongda2000:office_anywhere_2017:11.4:::::::*
tongda2000	office_anywhere_2017	11.5	cpe:2.3:a:tongda2000:office_anywhere_2017:11.5:::::::*
tongda2000	office_anywhere_2017	11.6	cpe:2.3:a:tongda2000:office_anywhere_2017:11.6:::::::*
tongda2000	office_anywhere_2017	11.7	cpe:2.3:a:tongda2000:office_anywhere_2017:11.7:::::::*
tongda2000	office_anywhere_2017	11.8	cpe:2.3:a:tongda2000:office_anywhere_2017:11.8:::::::*
tongda2000	office_anywhere_2017	11.9	cpe:2.3:a:tongda2000:office_anywhere_2017:11.9:::::::*

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "vendor": "Tongda",
    "product": "OA 2017",
    "versions": [
      {
        "version": "11.0",
        "status": "affected"
      },
      {
        "version": "11.1",
        "status": "affected"
      },
      {
        "version": "11.2",
        "status": "affected"
      },
      {
        "version": "11.3",
        "status": "affected"
      },
      {
        "version": "11.4",
        "status": "affected"
      },
      {
        "version": "11.5",
        "status": "affected"
      },
      {
        "version": "11.6",
        "status": "affected"
      },
      {
        "version": "11.7",
        "status": "affected"
      },
      {
        "version": "11.8",
        "status": "affected"
      },
      {
        "version": "11.9",
        "status": "affected"
      },
      {
        "version": "11.10",
        "status": "affected"
      }
    ]
  }
]

References

github.com/willchen0011/cve/blob/main/sql.md

vuldb.com/?ctiid.247243

vuldb.com/?id.247243

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

5.2 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

44.9%

JSON

Related for CVE-2023-6607

prion1 nvd1 cvelist1