CVE-2023-7022 in OA 2017
Summary
by MITRE • 12/21/2023
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/work_plan/manage/delete_all.php. The manipulation of the argument DELETE_STR leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
by VulDB Data Team • 03/19/2025
The vulnerability identified as CVE-2023-7022 is a critical SQL injection flaw in the Tongda OA 2017 application suite through version 11.9, specifically in the general/work_plan/manage/delete_all.php component. It resides in the handling of the DELETE_STR parameter: manipulating that parameter allows an attacker to execute arbitrary SQL commands against the underlying database. The affected functionality belongs to the work plan management module, so organizational planning and scheduling data held in the OA system is exposed. The critical rating stems from remote exploitability combined with the public availability of exploitation details, which puts unpatched systems immediately at risk.
Technically, the flaw follows the classic SQL injection pattern: user-supplied input from the DELETE_STR parameter is incorporated directly into the SQL query text without sanitization or parameterization. An attacker can therefore alter the query's execution flow by supplying crafted SQL through the DELETE_STR argument, potentially extracting, modifying, or deleting sensitive organizational data. The attack vector is remote: exploitation requires no physical access to the target and can be carried out from any network location that can reach the application. Because the flaw sits in the work plan management functionality, an attacker could disrupt organizational workflows while also reading confidential data stored in the OA system's database.
The operational impact goes beyond simple data compromise: an attacker could gain unauthorized access to sensitive organizational information, manipulate work plan data, and potentially escalate privileges within the system. Because the flaw is remotely exploitable, organizations whose OA systems are reachable from external networks without adequate security controls are immediately at risk. Since the vendor did not respond to the early disclosure attempt, organizations may face prolonged exposure without official patches or mitigation guidance. Successful exploitation could cause significant business disruption, data loss, and, depending on the nature of the information stored in the OA database, regulatory compliance violations.
Organizations should immediately implement network-level mitigations: firewall rules restricting access to the affected component, removal of unnecessary remote access to the OA system, and a web application firewall configured to detect and block SQL injection attempts. System administrators should run vulnerability assessments to identify every instance of the affected Tongda OA versions and prioritize patching. Input validation and parameterized queries should be enforced throughout the application so that the same class of flaw does not persist in other components. Organizations should also monitor network traffic for exploitation attempts and deploy intrusion detection to identify SQL injection attacks against the affected functionality, and security teams should consider penetration testing to verify that the controls are effective and that remediation is complete across all affected systems. The vulnerability maps to CWE-89 (SQL injection) and represents a significant risk under the ATT&CK framework's credential access and persistence tactics, since it could enable an attacker to maintain long-term access to organizational data and systems.
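As an added illustration of the parameterized-query mitigation described above (this is not Tongda OA's code; the real schema and query in delete_all.php are not shown on this page), the following Python contrasts the unsafe concatenation pattern with a hardened handler that validates DELETE_STR as a comma-separated list of integer IDs and binds each value as a parameter. The work_plan table, its rows and the assumption that DELETE_STR carries row IDs are constructed for the demo.

```python
import re
import sqlite3

# Constructed sample data; the real Tongda OA table layout is an assumption here.
ROWS = [(1, "quarterly review"), (2, "hiring plan"), (3, "budget draft")]


def fresh_db():
    """Return an in-memory database seeded with the constructed work_plan rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE work_plan (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO work_plan VALUES (?, ?)", ROWS)
    return conn


def remaining(conn):
    """IDs still present after a delete, used to observe each handler's effect."""
    return [row[0] for row in conn.execute("SELECT id FROM work_plan ORDER BY id")]


def delete_all_unsafe(conn, delete_str):
    """CWE-89 pattern the advisory describes: DELETE_STR spliced into query text."""
    conn.execute(f"DELETE FROM work_plan WHERE id IN ({delete_str})")
    return remaining(conn)


# Allow-list: one or more integers separated by commas (optional whitespace).
ID_LIST = re.compile(r"\d+(\s*,\s*\d+)*")


def is_valid_delete_str(delete_str):
    """True only when DELETE_STR is exactly a comma-separated integer list."""
    return ID_LIST.fullmatch(delete_str.strip()) is not None


def delete_all_safe(conn, delete_str):
    """Hardened handler: validate the input shape, then bind each ID as a parameter."""
    if not is_valid_delete_str(delete_str):
        raise ValueError("DELETE_STR must be a comma-separated list of integer ids")
    ids = [int(part) for part in delete_str.split(",")]
    placeholders = ",".join("?" * len(ids))  # e.g. "?,?" for two ids
    conn.execute(f"DELETE FROM work_plan WHERE id IN ({placeholders})", ids)
    return remaining(conn)


if __name__ == "__main__":
    print("unsafe, benign input :", delete_all_unsafe(fresh_db(), "1"))
    print("safe, benign input   :", delete_all_safe(fresh_db(), "1, 3"))
    print("safe rejects tautology:", not is_valid_delete_str("1) OR 1=1 --"))
```

The unsafe handler deletes every row when a tautology such as `1) OR 1=1 --` is supplied, whereas the hardened handler rejects that value before any SQL is built.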