CVE-2024-10731 – This critical SQL injection vulnerability in To... (How to Fix)

Q: What is the severity of CVE-2024-10731?

CVE-2024-10731 has a CVSS score of 6.3 (MEDIUM). This critical SQL injection vulnerability in Tongda OA allows remote attackers to execute arbitrary SQL commands via the ID parameter in /pda/appcenter/check_seal.php. This could lead to data theft, modification, or deletion. Organizations using Tongda OA versions up to 11.10 are affected.

📋 TL;DR

This critical SQL injection vulnerability in Tongda OA allows remote attackers to execute arbitrary SQL commands via the ID parameter in /pda/appcenter/check_seal.php. This could lead to data theft, modification, or deletion. Organizations using Tongda OA versions up to 11.10 are affected.

💻 Affected Systems

Products:

Tongda OA

Versions: Up to and including 11.10

Operating Systems: All platforms running Tongda OA

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments with the vulnerable file accessible are affected

📦 What is this software?

Office Anywhere by Tongda2000

View all CVEs affecting Office Anywhere →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data exfiltration, privilege escalation, or system takeover

🟠

Likely Case

Unauthorized data access, data manipulation, or denial of service

🟢

If Mitigated

Limited impact with proper input validation and database permissions

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication

🏢 Internal Only: HIGH - Internal attackers could exploit this vulnerability

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on GitHub, making this easily exploitable

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check Tongda vendor website for updates or apply workarounds.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to sanitize the ID parameter before processing

Modify check_seal.php to validate ID parameter as integer using is_numeric() or similar

WAF Rule

all

Implement web application firewall rules to block SQL injection patterns

Add WAF rule to detect and block SQL injection attempts on /pda/appcenter/check_seal.php

🧯 If You Can't Patch

Restrict access to /pda/appcenter/check_seal.php using network ACLs or authentication
Implement database-level controls with minimal privileges for the application user

🔍 How to Verify

Check if Vulnerable:

Check if /pda/appcenter/check_seal.php exists and is accessible, and verify Tongda OA version is ≤11.10

Check Version:

Check Tongda OA admin panel or configuration files for version information

Verify Fix Applied:

Test the vulnerable endpoint with SQL injection payloads to confirm they are blocked

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple requests to check_seal.php with suspicious ID parameters

Network Indicators:

HTTP requests to /pda/appcenter/check_seal.php with SQL injection patterns in parameters

SIEM Query:

source="web_logs" AND uri="/pda/appcenter/check_seal.php" AND (param="ID" AND value MATCH "'.*[UNION|SELECT|INSERT|UPDATE|DELETE|DROP].*')"

📊 Metadata

CVE ID: CVE-2024-10731

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-89

Published: November 3, 2024

Last Updated: November 4, 2024

🔗 References

https://github.com/LvZCh/td/issues/16 Exploit
https://vuldb.com/?ctiid.282900 Permissions Required
https://vuldb.com/?id.282900 Third Party Advisory
https://vuldb.com/?submit.433531 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-10731, you might also want to check these: