Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Tongda2000 Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-2738 1 Tongda2000 1 Tongda Oa 2023-05-25 N/A 9.8 CRITICAL
A vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2022-25406 1 Tongda2000 1 Tongda2000 2022-03-03 7.5 HIGH 9.8 CRITICAL
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter.
CVE-2022-25405 1 Tongda2000 1 Tongda2000 2022-03-03 7.5 HIGH 9.8 CRITICAL
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter.
CVE-2022-25404 1 Tongda2000 1 Tongda2000 2022-03-03 7.5 HIGH 9.8 CRITICAL
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter.
CVE-2022-24206 1 Tongda2000 1 Tongda Oa 2022-02-19 7.5 HIGH 9.8 CRITICAL
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.
CVE-2022-23902 1 Tongda2000 1 Tongda Oa 2022-02-19 7.5 HIGH 9.8 CRITICAL
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.
CVE-2019-9759 1 Tongda2000 1 Office Anywhere 2019-04-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter.