cvebase

Tongda2000 Office Anywhere vulnerabilities

27 known vulnerabilities affecting tongda2000/office_anywhere.

Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 23, HIGH 2, MEDIUM 2

Vulnerabilities

Page 2 of 2
CVE-2024-10732 | P3 | CRITICAL | CVSS 9.8 | ≥ 11.0, ≤ 11.10 | v2017 | 2024-11-03
CVE-2024-10732 [CRITICAL] CWE-89: A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /module/word_model/view/index.php. The manipulation of the argument query_str leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma
nvd
CVE-2023-5497 | P3 | HIGH | CVSS 8.8 | ≥ 11.10 | v2017 | 2023-10-10
CVE-2023-5497 [HIGH] CWE-89: A vulnerability classified as critical has been found in Tongda OA 2017 11.10. Affected is an unknown function of the file general/hr/salary/welfare_manage/delete.php. The manipulation of the argument WELFARE_ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241650 i
nvd
CVE-2019-9759 | P3 | CRITICAL | CVSS 9.8 | v10.18.190121 | 2019-04-02
CVE-2019-9759 [CRITICAL] CWE-89: An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter.
nvd
CVE-2024-25320 | P3 | CRITICAL | CVSS 9.8 | ≥ 11.0, < 11.10 | v2017 | 2024-02-16
CVE-2024-25320 [CRITICAL] CWE-89: Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.
nvd
CVE-2024-10599 | P3 | HIGH | CVSS 7.5 | ≥ 11.0, ≤ 11.7 | v2017 | 2024-10-31
CVE-2024-10599 [HIGH] CWE-400: A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2024-10598 | P3 | MEDIUM | CVSS 6.5 | ≥ 11.2, ≤ 11.6 | 2024-10-31
CVE-2024-10598 [MEDIUM] CWE-285: A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the p
nvd
CVE-2023-7180 | P4 | MEDIUM | CVSS 4.3 | fixed in 11.10 | 2023-12-30
CVE-2023-7180 [MEDIUM] CWE-89: A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJ_ID_STR leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is ab
nvd