Tongda OA web_show.php sql injection

A vulnerability, which was classified as critical, has been found in Tongda OA up to 11.6. This issue affects some unknown processing of the file /pda/appcenter/web_show.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

TONGDA Office Anywhere SQL注入漏洞

TONGDA Office Anywhere是中国通达（TONGDA）公司的一套协同办公OA系统。 TONGDA Office Anywhere存在SQL注入漏洞，该漏洞源于/pda/appcenter/web_show.php页面的ID参数包含一个SQL注入漏洞。

N/A

N/A