Vulnerabilities > CVE-2024-25320 - Unspecified vulnerability in Tongda2000 Office Anywhere

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

NVD

Published: 2024-02-16

Updated: 2025-03-19

Summary

Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.

Part	Description	Count
Application	Tongda2000 Tongda2000 Office Anywhere 2017 Tongda2000 Office Anywhere 11.0 Tongda2000 Office Anywhere 11.2 Tongda2000 Office Anywhere 11.6 Tongda2000 Office Anywhere 11.7 Tongda2000 Office Anywhere 11.9	6