Overview
- Description
- A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/list/input_form/data_picker_link.php. The manipulation of the argument dataSrc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
- Source
- cna@vuldb.com
- NVD status
- Analyzed
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- cna@vuldb.com
- CWE-89
Social media
- Hype score
- Not currently trending
🚨 CVE-2024-10602 (Published: 2024-11-01) - Critical vulnerability in Beijing Tongda Xinke Technology Co., Ltd products. Affects multiple versions. Immediate remediation is essential! For details and fixes, visit: https://t.co/Rk9AG5of1B #CyberSecurity #VulnerabilityAlert #CVE
@transilienceai
4 Nov 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10602 (Published: 2024-11-01) - A critical vulnerability in Beijing Tongda Xinke Technology Co., Ltd's product affects multiple versions. Users are urged to update to the latest patch immediately to mitigate risks. Stay secure! 🔒 More info: https://t.co/Rk9AG5of1B… h
@transilienceai
4 Nov 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10602 (Published: 2024-11-01) - Critical vulnerability in TONGDA VDB-282614. Affects multiple versions. Immediate remediation is essential! Ensure your systems are updated and patched to protect against potential exploits. More info: https://t.co/V5fE2ub85i… https://t
@transilienceai
4 Nov 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10602 (Published: 2024-11-01) - Critical vulnerability in TONGDA VDB-282614. Affects specific versions; immediate remediation is essential! Ensure your systems are updated to the latest patches to mitigate risks. For more details, visit: https://t.co/V5fE2ub85i… https
@transilienceai
4 Nov 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10602 (Published: 2024-11-01) - A critical vulnerability in TONGDA VDB-282614 affects multiple versions. Users are urged to update to the latest patched version immediately to mitigate risks. For more details, visit: https://t.co/V5fE2ub85i #CyberSecurity… https://t.c
@transilienceai
4 Nov 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10602 Critical SQL Injection Vulnerability in Tongda OA 2017 to 11.9 A serious vulnerability is in Tongda OA 2017 up to version 11.9. It is in the file /general/approve_center/list/input_form/data_picker... https://t.co/wcjKpkmI4Y
@VulmonFeeds
1 Nov 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10602 A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approve_c… https://t.co/7uX5Te0Jul
@CVEnew
31 Oct 2024
622 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "353F28DF-DFC8-4206-A613-5E15AB3F4D7D",
"versionEndIncluding": "11.9",
"versionStartIncluding": "11.0"
},
{
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:2017:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F3133D0-47ED-4B20-AE9A-55920B76E55E"
}
],
"operator": "OR"
}
]
}
]