Cyber Resilience

CVE-2023-4166

Medium · Public PoC

Published: 05 August 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 5.5 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.8797 (99.5th percentile)
Risk Priority: 64 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-4166 is a medium-severity SQL Injection (CWE-89) vulnerability in Tongda2000 Tongda Office Anywhere. Its CVSS base score is 5.5 (Medium).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-4166 is a SQL injection vulnerability in Tongda OA, specifically in the file general/system/seal_manage/dianju/delete_log.php. The flaw arises from improper handling of the DELETE_STR argument, allowing an attacker to inject arbitrary SQL commands. It was assigned CWE-89 and carries a CVSS 3.1 score of 5.5.

An authenticated attacker on the same network segment can exploit the issue to read or modify limited data and potentially disrupt availability. Public proof-of-concept code has been released, confirming that the manipulation succeeds without user interaction and with no privileges beyond a standard account.

The vendor recommends upgrading Tongda OA to version 11.10 to resolve the vulnerability. No official vendor advisory or patch details beyond this version recommendation have been published, and early disclosure attempts received no response.

The EPSS score has remained steady at 0.8797 since publication, indicating sustained but not newly emerging exploitation interest.

EU & UK References

Vulnerability details

A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

tongda2000
tongda office anywhere
11.10

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-89

Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.

addresses: CWE-89

Validates query inputs to prevent SQL syntax or command manipulation.

References