📦 Office Anywhere

This CVE describes a SQL injection vulnerability in Tongda OA software that allows attackers to execute arbitrary SQL commands via the $AFF_ID parameter in the /affair/delete.php endpoint. Organizatio...

This critical SQL injection vulnerability in Tongda OA allows remote attackers to execute arbitrary SQL commands through the appid parameter in pda/appcenter/submenu.php. Organizations using Tongda OA...

This critical SQL injection vulnerability in Tongda OA allows remote attackers to execute arbitrary SQL commands via the ID parameter in /pda/appcenter/check_seal.php. This could lead to data theft, m...

This critical SQL injection vulnerability in Tongda OA allows remote attackers to execute arbitrary SQL commands via the ID parameter in /pda/approve_center/check_seal.php. Organizations using Tongda ...

This critical SQL injection vulnerability in Tongda OA 2017 allows remote attackers to execute arbitrary SQL commands via the mr_id parameter in /pda/meeting/apply.php. Organizations using Tongda OA 2...

This critical SQL injection vulnerability in Tongda OA 2017 allows remote attackers to execute arbitrary SQL commands via the repid parameter in /pda/reportshop/record_detail.php. Organizations using ...

This critical SQL injection vulnerability in Tongda OA allows remote attackers to execute arbitrary SQL commands by manipulating the saleId parameter in the /pda/workflow/webSignSubmit.php file. Organ...

This CVE describes a critical SQL injection vulnerability in Tongda OA 2017 through version 11.9. Attackers can exploit the /general/approve_center/list/input_form/data_picker_link.php file by manipul...

This critical vulnerability in Tongda OA allows attackers to bypass authorization controls in the annual leave management component, potentially accessing or manipulating sensitive HR data. It affects...