Key information

Vulnerability name: TONGDA OA UP TO 11.10 CHECK_SEAL.PHP ID SQL INJECTION
Vulnerability ID: VDB-282628 CVE-2024-10617
Affected versions: Tongda OA up to 11.10

Vulnerability description:
  CVSS Meta Temp Score: 6.0
  Current Exploit Price: $0-$5k
  CTI Interest Score: 1.26

Vulnerability impact:
  CWE-89: SQL injection vulnerability
  Description: The manipulation of the argument with an unknown input leads to a SQL injection vulnerability. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
  Impact: Confidentiality, Integrity, and Availability

Disclosure:
  GitHub: github.com
  CVE ID: CVE-2024-10617
  Exploit availability: The exploit has been disclosed to the public and may be used.

Technical details:
  Exploit availability: The technical details and a public exploit are known.
  MITRE ATT&CK: The attack technique is T1505.

Exploitation:
  Remote exploitation: The attack can be initiated remotely.
  Google Hacking: By approaching the search of , it is possible to find vulnerable targets.

Recommended measures:
  Countermeasures: There is no information about possible countermeasures known.
  Alternative product: It may be suggested to replace the affected object with an alternative product.