CVE-2024-1252
Tongda OA 2017 up to v11.9 contains a SQL injection in /general/attendance/manage/ask_duty/delete.php via the ASK_DUTY_ID parameter. The vulnerability is described as critical; exploit has been disclosed publicly. Upgrading to v11.10 mitigates the issue. As a workaround, restrict access to the af...