Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-4166

Published: 05/08/2023 Updated: 17/05/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Tongda2000

Vulnerability Summary

A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerable Product Search on Vulmon Subscribe to Product

tongda2000 tongda office anywhere 11.10

Github Repositories

https://github.com/passwa11/2023Hvv_

免责声明 由于传播、利用本文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。所涉及工具来自网络,安全性自测。 8月22新增 QQ桌面客户端远程执行 禅道180~183 backstage命令注入 联想网盘存在任意文件上传漏洞 企望制造 ERP comboxsto

https://github.com/mvpyyds/CVE-2023-4166

CVE-2023-4166 fofa:通达 OA python3 CVE-2023-4165py -h python3 CVE-2023-4165py -u 单个url目标文件 python3 CVE-2023-4165py -f urltxt 然后验证地址即可

https://github.com/ggjkjk/1444

免责声明 由于传播、利用本文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。所涉及工具来自网络,安全性自测。 8月16新增 Smart S85F 任意文件读取 帆软channel序列化 泛微Ecology未授权 泛微Ecology OA 前台任意SQL语句执行 HiKVISION 综合

https://github.com/Ultramanzhang/obsfir

观火 观火(obsfir observe fire),观有监视,洞察之意,火寓意着危险,观火二字取之动若观火,寓意将事物观察的十分之细致。 已实现漏洞验证脚本 Smartbi 身份认证绕过漏洞 金蝶云星空 RCE漏洞 阿里云漏洞库爬虫 通达OA sql注入漏洞(CVE-2023-4166) Jquery xss 声明 该项目由观火项目组维护开发,

https://github.com/ZUEB-CybersecurityGroup/obsfir

观火poc验证项目

观火 观火(obsfir observe fire),观有监视,洞察之意,火寓意着危险,观火二字取之动若观火,寓意将事物观察的十分之细致。 已实现漏洞验证脚本 Smartbi 身份认证绕过漏洞 金蝶云星空 RCE漏洞 阿里云漏洞库爬虫 通达OA sql注入漏洞(CVE-2023-4166) Jquery xss 广联达OA sql注入 Apache RocketMQ 命令注入

https://github.com/ibaiw/2023Hvv

2023 HVV情报速递~

免责声明 由于传播、利用本文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。所涉及工具来自网络,安全性自测。 8月22新增 QQ桌面客户端远程执行 禅道180~183 backstage命令注入 联想网盘存在任意文件上传漏洞 企望制造 ERP comboxsto

References

CWE-89https://vuldb.com/?ctiid.236182https://github.com/Das1yGa0/cve/blob/main/sql.mdhttps://vuldb.com/?id.236182https://nvd.nist.govhttps://github.com/passwa11/2023Hvv_https://github.com/ZUEB-CybersecurityGroup/obsfir
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook