关键漏洞信息 漏洞概述 CVE ID: CVE-2023-7180 Vulnerability ID: VDB-249367 Product: Tongda OA Affected Versions: 2017 up to 11.9 漏洞详情 Vulnerability Type: SQL Injection File: Vulnerable Parameter: CVSS Meta Temp Score: 4.9 Exploit Price: $0-$5k CTI Interest Score: 0.00 漏洞描述 Classification: Critical The vulnerability occurs when the parameter is manipulated, causing SQL injection in an unknown function of the file . The CWE definition for this vulnerability is CWE-89, indicating improper neutralization of special elements in SQL commands. The vulnerability affects confidentiality, integrity, and availability. Other Information Disclosure Date: 12/29/2023 Exploit Availability: A public exploit is known to be available. Attack Technique: T1505 according to MITRE ATT&CK Vendor Response: No response from the vendor after early contact about the disclosure.