Critical Vulnerability Information Vulnerability Overview CVE ID: CVE-2023-7180 Vulnerability ID: VDB-249367 Product: Tongda OA Affected Versions: 2017 up to 11.9 Vulnerability Details Vulnerability Type: SQL Injection File: Vulnerable Parameter: CVSS Meta Temp Score: 4.9 Exploit Price: $0-$5k CTI Interest Score: 0.00 Vulnerability Description Classification: Critical The vulnerability arises when the parameter is manipulated, leading to SQL injection within an unknown function in the file . The CWE classification for this vulnerability is CWE-89, indicating improper neutralization of special elements used in SQL commands. The vulnerability impacts confidentiality, integrity, and availability. Other Information Disclosure Date: 12/29/2023 Exploit Availability: A public exploit is known to be available. Attack Technique: T1505 according to MITRE ATT&CK Vendor Response: No response from the vendor following initial contact regarding the disclosure.