CVE-2023-4166 — AI Deep Analysis Summary

🚨 **Essence**: SQL Injection in Tongda OA! 📉 **Consequences**: Attackers can manipulate database queries via the `DELETE_STR` parameter in `general/system/seal_manage/dianju/delete_log.php`.…

🛡️ **Root Cause**: **CWE-89** (SQL Injection). 🐛 **Flaw**: The application fails to properly sanitize user input before constructing SQL DELETE statements. Untrusted data is executed as code! ⚠️

🏢 **Affected**: **Tongda OA** (Office Anywhere). 📦 **Component**: Specifically the `seal_manage/dianju/delete_log.php` module.…

💻 **Hackers Can**: Execute arbitrary SQL commands! 🗄️ **Impact**: Read sensitive data (users, configs), modify records, or even delete logs.…

🔑 **Threshold**: **Medium**. 🛑 **Auth Required**: Yes, **PR:L** (Low Privileges) needed. 🌐 **Access**: Network Accessible (**AV:A**). 🚫 **UI**: No User Interaction needed (**UI:N**).…

🔥 **Public Exp**: **YES**! 🐍 **PoC**: Python scripts available on GitHub (e.g., `mvpyyds/CVE-2023-4166`). 📡 **Usage**: Supports single URL or batch scanning (`-f url.txt`).…

🔍 **Self-Check**: Use FOFA search for `通达 OA`. 🧪 **Verify**: Run the Python PoC against your URLs. 📝 **Target**: Check if `general/system/seal_manage/dianju/delete_log.php` responds to SQL injection payloads.…

🛠️ **Fix**: Official patches are implied by the CVE publication date (2023-08-05). 📥 **Action**: Update Tongda OA to the latest secure version immediately.…

🚧 **No Patch?**: Implement WAF rules to block SQL injection patterns in `DELETE_STR`. 🔒 **Mitigation**: Restrict access to `delete_log.php` via IP whitelisting.…

⚡ **Urgency**: **HIGH**! 🚨 **Priority**: Patch immediately! 📉 **Risk**: CVSS 7.5 (High). 📢 **Reason**: Easy to exploit, public PoCs exist, and it affects critical business data. Don't wait! ⏳