CVEDB API

Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.6%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2024-25320

Tongda2000 » Office Anywhere » Version: 11.0

cpe:2.3:a:tongda2000:office_anywhere:11.0
Tongda2000 » Office Anywhere » Version: 11.2

cpe:2.3:a:tongda2000:office_anywhere:11.2
Tongda2000 » Office Anywhere » Version: 11.6

cpe:2.3:a:tongda2000:office_anywhere:11.6
Tongda2000 » Office Anywhere » Version: 11.7

cpe:2.3:a:tongda2000:office_anywhere:11.7
Tongda2000 » Office Anywhere » Version: 11.9

cpe:2.3:a:tongda2000:office_anywhere:11.9
Tongda2000 » Office Anywhere » Version: 2017

cpe:2.3:a:tongda2000:office_anywhere:2017