cvebase

Tongda2000 Tongda Office Anywhere vulnerabilities

29 known vulnerabilities affecting tongda2000/tongda_office_anywhere.

Total CVEs: 29
CISA KEV: 0
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 19, HIGH 9, MEDIUM 1

Vulnerabilities

Page 1 of 2
CVE-2023-4166 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | v11.10 | 2023-08-05
CWE-89: A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address th
nvd
CVE-2023-5285 | P2 | HIGH | CVSS 7.5 | Exploited | fixed in 11.10 | v2017 | 2023-09-29
CWE-89: A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENT_ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upg
nvd
CVE-2023-4165 | P2 | CRITICAL | CVSS 9.8 | v11.10 | 2023-08-05
CWE-89: A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this
nvd
CVE-2023-6053 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | 2023-11-09
CWE-89: A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.9. Affected by this issue is some unknown functionality of the file general/system/censor_words/manage/delete.php. The manipulation of the argument DELETE_STR leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to v
nvd
CVE-2023-6052 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | 2023-11-09
CWE-89: A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. Affected is an unknown function of the file general/system/censor_words/module/delete.php. The manipulation of the argument DELETE_STR leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address t
nvd
CVE-2023-6084 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | v2017 | 2023-11-12
CWE-89: A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VU_ID leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to addres
nvd
CVE-2023-2738 | P3 | CRITICAL | CVSS 9.8 | v11.10 | 2023-05-16
CWE-434: A vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229149 was assigned to this
nvd
CVE-2023-5780 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | 2023-10-26
CWE-89: A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public an
nvd
CVE-2023-6885 | P3 | CRITICAL | CVSS 9.8 | ≤ 11.10 | v2017 | 2023-12-16
CWE-89: A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248245 was
nvd
CVE-2023-5781 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | 2023-10-26
CWE-89: A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associa
nvd
CVE-2023-6054 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | 2023-11-09
CWE-89: A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue
nvd
CVE-2023-5782 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | 2023-10-26
CWE-89: A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/delete_query.php of the component General News. The manipulation of the argument NEWS_ID leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerabil
nvd
CVE-2023-5019 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | 2023-09-17
CWE-89: A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staff_reinstatement/delete.php. The manipulation of the argument REINSTATEMENT_ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to
nvd
CVE-2023-5682 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | v2017 | 2023-10-20
CWE-89: A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issu
nvd
CVE-2023-5265 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | v2017 | 2023-09-29
CWE-89: A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10
nvd
CVE-2023-5261 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | v2017 | 2023-09-29
CWE-89: A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to addr
nvd
CVE-2024-1252 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | 2024-02-06
CWE-89: A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11
nvd
CVE-2022-24206 | P3 | CRITICAL | CVSS 9.8 | v11.10 | 2022-02-14
CWE-89: Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.
nvd
CVE-2022-23902 | P3 | CRITICAL | CVSS 9.8 | v11.10 | 2022-02-14
CWE-89: Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.
nvd
CVE-2023-5267 | P3 | CRITICAL | CVSS 9.8 | fixed in 11.10 | v2017 | 2023-09-29
CWE-89: A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issu
nvd