CVE-2023-5019

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 17, 2023

Updated: May 17, 2024

CWE ID 89

Summary

CVE-2023-5019 is a critical vulnerability affecting Tongda OA's unknown code in the file delete.php located in the general/hr/manage/staff_reinstatement directory. This issue enables attackers to execute SQL injection by manipulating the REINSTATEMENT_ID argument, which can be exploited remotely. The exploit has been made public, increasing the risk of potential attacks. Upgrading to Tongda OA version 11.10 is the recommended solution to resolve this vulnerability, identified as VDB-239860.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ss2Gi4
https://www.cve.org/CVERecord?id=CVE-2023-5019
https://nvd.nist.gov/vuln/detail/CVE-2023-5019

Back to Vulnerability Database

CVE-2023-5019

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations