CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-6276

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.2%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 6.5

References

https://github.com/YXuanZ1216/cve/blob/main/sql.md
https://vuldb.com/?ctiid.246105
https://vuldb.com/?id.246105
https://github.com/YXuanZ1216/cve/blob/main/sql.md
https://vuldb.com/?ctiid.246105
https://vuldb.com/?id.246105

Products affected by CVE-2023-6276

Tongda2000 » Tongda Office Anywhere » Version: Any

cpe:2.3:a:tongda2000:tongda_office_anywhere:*
Tongda2000 » Tongda Office Anywhere » Version: 2017

cpe:2.3:a:tongda2000:tongda_office_anywhere:2017

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-6276

Products

Pricing

Contact Us