Vulnerability CVE-2023-5023


Published: 2023-09-17   Modified: 2023-09-19

Description:
A vulnerability was found in Tongda OA 2017 and classified as critical. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_relatives/delete.php. The manipulation of the argument RELATIVES_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239864.

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

 References:
https://vuldb.com/?ctiid.239864
https://vuldb.com/?id.239864
https://github.com/RCEraser/cve/blob/main/sql_inject_3.md

Copyright 2023, cxsecurity.com

 

Back to Top