Tongda2000 Tongda Office Anywhere vulnerabilities
29 known vulnerabilities affecting tongda2000/tongda_office_anywhere.
Total CVEs: 29
CISA KEV: 0
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 19, HIGH 9, MEDIUM 1
Vulnerabilities
Page 2 of 2
CVE-2023-5023 | P3 | HIGH | CVSS 8.8 | CWE-89 | v2017 | 2023-09-17
A vulnerability was found in Tongda OA 2017 and classified as critical. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_relatives/delete.php. The manipulation of the argument RELATIVES_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is V
nvd
CVE-2023-6607 | P3 | HIGH | CVSS 7.5 | CWE-89 | ≤ 11.10 | v2017 | 2023-12-08
A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of t
nvd
CVE-2023-5030 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≤ 11.10 | 2023-09-17
A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLAN_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239872.
nvd
CVE-2023-6608 | P3 | HIGH | CVSS 7.5 | CWE-89 | v2017 | 2023-12-08
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/notify/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address
nvd
CVE-2023-5783 | P3 | HIGH | CVSS 7.5 | CWE-89 | fixed in 11.10 | 2023-10-26
A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the argument id/sort_parent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed t
nvd
CVE-2023-6611 | P3 | HIGH | CVSS 7.5 | CWE-89 | v2017 | 2023-12-08
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It
nvd
CVE-2023-6276 | P3 | HIGH | CVSS 7.5 | CWE-89 | fixed in 11.10 | v2017 | 2023-11-24
A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1
nvd
CVE-2023-5298 | P3 | HIGH | CVSS 7.5 | CWE-89 | fixed in 11.10 | v2017 | 2023-09-30
A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able t
nvd
CVE-2023-5026 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v11.10 | 2023-09-17
A vulnerability classified as problematic has been found in Tongda OA 11.10. Affected is an unknown function of the file /general/ipanel/menu_code.php?MENU_TYPE=FAV. The manipulation of the argument OA_SUB_WINDOW leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The
nvd