31Eki
CVE-2024-10602 | Tongda OA 2017 up to 11.9 data_picker_link.php dataSrc sql injection
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/list/input_form/data_picker_link.php. The manipulation of the argument dataSrc leads to sql injection. This vulnerability is handled as CVE-2024-10602. The attack may be launched remotely. Furthermore, there is an exploit available.