CVE-2024-10600 – This critical SQL injection vulnerability in To... (How to Fix)

Q: What is the severity of CVE-2024-10600?

CVE-2024-10600 has a CVSS score of 7.3 (HIGH). This critical SQL injection vulnerability in Tongda OA allows remote attackers to execute arbitrary SQL commands through the appid parameter in pda/appcenter/submenu.php. Organizations using Tongda OA 2017 versions up to 11.6 are affected, potentially exposing sensitive database information.

📋 TL;DR

This critical SQL injection vulnerability in Tongda OA allows remote attackers to execute arbitrary SQL commands through the appid parameter in pda/appcenter/submenu.php. Organizations using Tongda OA 2017 versions up to 11.6 are affected, potentially exposing sensitive database information.

💻 Affected Systems

Products:

Tongda OA

Versions: 2017 up to 11.6

Operating Systems: Windows (typical deployment), Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the PDA module's appcenter component. All deployments with vulnerable versions are affected regardless of configuration.

📦 What is this software?

Office Anywhere by Tongda2000

View all CVEs affecting Office Anywhere →

Office Anywhere by Tongda2000

View all CVEs affecting Office Anywhere →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including credential theft, data exfiltration, and potential remote code execution through database functions.

🟠

Likely Case

Unauthorized data access, privilege escalation, and potential lateral movement within the database.

🟢

If Mitigated

Limited impact with proper input validation and database permissions restricting damage to non-sensitive data.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication.

🏢 Internal Only: HIGH - Internal systems remain vulnerable to insider threats or compromised internal accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details publicly disclosed on GitHub. Simple SQL injection requiring minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Upgrade to version beyond 11.6 if available, or implement workarounds.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

all

Block SQL injection patterns targeting the vulnerable endpoint

WAF-specific rules to block: /pda/appcenter/submenu.php?appid=* with SQL patterns

Access Restriction

linux

Restrict access to vulnerable endpoint using network controls

iptables -A INPUT -p tcp --dport 80 -m string --string "/pda/appcenter/submenu.php" --algo bm -j DROP
netsh advfirewall firewall add rule name="Block Tongda Vuln" dir=in action=block program="%path%\php.exe" remoteip=any

🧯 If You Can't Patch

Implement strict input validation and parameterized queries for all appid parameters
Apply principle of least privilege to database accounts used by the application

🔍 How to Verify

Check if Vulnerable:

Check Tongda OA version in admin panel or by examining installation files. Versions 2017 up to 11.6 are vulnerable.

Check Version:

Check admin panel or examine version files in installation directory

Verify Fix Applied:

Test the vulnerable endpoint with SQL injection payloads after implementing fixes. Successful blocking indicates mitigation.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple requests to /pda/appcenter/submenu.php with suspicious appid parameters
Database error messages containing SQL syntax

Network Indicators:

HTTP requests to vulnerable endpoint with SQL keywords in parameters
Unusual outbound database connections from web server

SIEM Query:

source="web_logs" AND uri="/pda/appcenter/submenu.php" AND (param="appid" AND value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "' OR '")

📊 Metadata

CVE ID: CVE-2024-10600

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-89

Published: October 31, 2024

Last Updated: November 4, 2024

🔗 References

https://github.com/LvZCh/td/issues/3 Exploit,Third Party Advisory
https://vuldb.com/?ctiid.282612 Permissions Required,VDB Entry
https://vuldb.com/?id.282612 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.433497 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-10600, you might also want to check these: