CVE-2024-10658

🗓️ 01 Nov 2024 15:00:07Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 44 Views🌐 WEB

Critical SQL Injection in Tongda OA 11.1

Reporter	Title	Published	Views	Family All 8
CNNVD	TONGDA Office Anywhere SQL注入漏洞	1 Nov 202400:00	–	cnnvd
Cvelist	CVE-2024-10658 Tongda OA check_seal.php sql injection	1 Nov 202415:00	–	cvelist
EUVD	EUVD-2024-33229	3 Oct 202520:07	–	euvd
NVD	CVE-2024-10658	1 Nov 202415:15	–	nvd
OSV	CVE-2024-10658	1 Nov 202415:15	–	osv
Positive Technologies	PT-2024-16436 · Tongda Oa · Tongda Oa	1 Nov 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-10658	23 May 202508:18	–	redhatcve
Vulnrichment	CVE-2024-10658 Tongda OA check_seal.php sql injection	1 Nov 202415:00	–	vulnrichment

NVD

Vulners

Node

tongda2000 office_anywhereRange11.2–11.10

[
  {
    "vendor": "Tongda",
    "product": "OA",
    "versions": [
      {
        "version": "11.0",
        "status": "affected"
      },
      {
        "version": "11.1",
        "status": "affected"
      },
      {
        "version": "11.2",
        "status": "affected"
      },
      {
        "version": "11.3",
        "status": "affected"
      },
      {
        "version": "11.4",
        "status": "affected"
      },
      {
        "version": "11.5",
        "status": "affected"
      },
      {
        "version": "11.6",
        "status": "affected"
      },
      {
        "version": "11.7",
        "status": "affected"
      },
      {
        "version": "11.8",
        "status": "affected"
      },
      {
        "version": "11.9",
        "status": "affected"
      },
      {
        "version": "11.10",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/LvZCh/td/issues/14
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
ID	query param	/pda/approve_center/check_seal.php	SQL injection via ID parameter in check_seal.php (CWE-89)	CWE-89

04 Nov 2024 19:46Current

7.1High risk

Vulners AI Score7.1

CVSS 3.16.3 - 9.8

CVSS 45.3

CVSS 26.5

CVSS 36.3

EPSS0.00155

SSVC

CWE-89