Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

office_anywhere_2017

Source -

ADP

CNA CVEs -

0

ADP CVEs -

2

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2024-25320
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.36%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 00:00
Updated-19 Mar, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.

Action-Not Available
Vendor-tongda2000n/atongda2000
Product-office_anywheren/aoffice_anywhere_2017
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-1251
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 16:00
Updated-01 Aug, 2025 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tongda OA 2017 delete.php sql injection

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-252990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-tongda2000Tongdatongda2000
Product-office_anywhereOA 2017office_anywhere_2017
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')