virus logo Intrusion Prevention

Tongda.Office.Anywhere.Unauthorized.File.Upload

description-logoDescription

This indicates an attack attempt to exploit an Unauthorized File Upload vulnerability in Tongda Office Anywhere.
The vulnerability is due to insufficient sanitizing of user supplied inputs when handling a crafted request. It allows a remote attacker to upload an arbitrary file onto vulnerable systems via a crafted request.

affected-products-logoAffected Products

Tongda OA 2013
Tongda OA 2015
Tongda OA 2016
Tongda OA 2017
Tongda OA V11

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.tongda2000.com/news/673.php

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-04-20 15.824 Sig Added
2020-04-15 15.818 Default_action:pass:drop
2020-04-13 15.815

References

https://github.com/jas502n/OA-tongda-RCE
ID 48872
Created Apr 13, 2020
Updated Apr 20, 2020
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS Windows, MacOS
Affected App PHP_app