48 matches found
CVE-2024-10731
A vulnerability, which was classified as critical, was found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/appcenter/checkseal.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...
CVE-2024-10599
A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/packagestaticresources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been...
PT-2024-16494 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10 Description: A critical issue was found in Tongda OA, affecting an unknown function of the file /pda/appcenter/check seal.php. The manipulation of the ID argument leads to SQL injection. It is possible to launch...
CVE-2024-10657
A vulnerability classified as critical has been found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/approvecenter/prcsinfo.php. The manipulation of the argument RUNID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...
CVE-2024-10656
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. This issue affects some unknown processing of the file /pda/meeting/apply.php. The manipulation of the argument mrid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed ...
CVE-2024-10619
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /pda/reportshop/nextdetail.php. The manipulation of the argument repid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-10617
A vulnerability classified as critical was found in Tongda OA up to 11.10. This vulnerability affects unknown code of the file /pda/workflow/checkseal.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the publi...
PT-2024-16436 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10 Description: A critical vulnerability was found in Tongda OA, affecting an unknown functionality of the file /pda/approve center/check seal.php. The manipulation of the ID argument leads to SQL injection. The...
PT-2024-16433 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions 2017 up to 11.9 Description: A critical issue has been identified, affecting unknown code in the file /pda/reportshop/new.php. The manipulation of the repid argument leads to SQL injection. This issue can be exploited...
PT-2024-16395 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions 11.2 through 11.6 Description: A critical vulnerability was found in Tongda OA, affecting unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads t...
PT-2024-16413 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10 Description: A critical vulnerability was found in Tongda OA, affecting the file /pda/workflow/check seal.php. The manipulation of the ID argument leads to SQL injection. The attack can be initiated remotely...
VulnCheck KEV: CVE-2023-4166
A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/sealmanage/dianju/deletelog.php. The manipulation of the argument DELETESTR leads to sql injection. The exploit has been disclosed to the public and may be...
CVE-2024-1252
A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/askduty/delete.php. The manipulation of the argument ASKDUTYID leads to sql injection. The exploit has been disclosed to...
CVE-2023-7180
A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJIDSTR leads to sql injection. The exploit has been disclosed to the...
CVE-2023-7021
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/deletesearch.php. The manipulation of the argument VUID leads to sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2023-6607
A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERMIDSTR leads to sql injection. The exploit has been disclosed to t...
CVE-2023-6276
A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJIDSTR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
The vulnerability of the DELETE_STR script (General/system/censor_words/module/delete.php) in the Tongda OA automation tool allows a hacker to execute arbitrary SQL queries.
The vulnerability of the delete.php script General/system/censorwords/module/delete.php, a tool for automating business processes in Tongda OA, is related to the failure to protect the SQL query structure during the processing of the DELETESTR parameter. Exploiting this vulnerability allows an...
The vulnerability of the General/vehicle/checkup/delete.php component of the Tongda OA automation tool allows a hacker to execute arbitrary SQL code.
The vulnerability of the General/vehicle/checkup/delete.php component of the Tongda OA automation tool for business processes is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
CVE-2023-6084
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VUID leads to sql injection. The exploit has been disclosed to the public and ma...