
CVE-2023-6276: CWE-89 SQL Injection in Tongda OA 2017

Severity: Medium
Tags: Vulnerability, CVE-2023-6276, CWE-89
Published: Fri Nov 24 2023 (11/24/2023, 15:31:04 UTC)
Source: CVE Database V5
Vendor/Project: Tongda
Product: OA 2017

Description

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability.

AI-Powered Analysis

Last updated: 07/04/2025, 16:25:25 UTC

Technical Analysis

CVE-2023-6276 is a SQL injection (CWE-89) in Tongda OA 2017, versions up to 11.9, in the file general/wiki/cp/ct/delete.php. The PROJ_ID_STR request parameter reaches a SQL statement without adequate validation or parameterization, so a request carrying SQL syntax in that parameter changes the statement the application runs against its database. VulDB labels the issue "critical" on its own scale, but the CVSS v3.1 base score is 6.3 (medium); the vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L means the endpoint is reachable over the network, exploitation is straightforward, no victim interaction is needed, and the attacker must hold an authenticated low-privilege account, which in an office automation suite is any ordinary employee login. Because the affected script is a delete handler, the injected SQL runs with the application's database privileges and is not limited to whatever that script intends to remove; depending on the database account and the statement injected, the result is unauthorized reading, modification or deletion of data, scored as partial impact on confidentiality, integrity and availability. A public exploit has been disclosed (VDB-246105), although no exploitation in the wild has been reported. The vendor fix is Tongda OA 2017 version 11.10 or later.
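The following is an added example, not code from Tongda OA or from this advisory. It models the vulnerable pattern described above and its hardened form in Python with sqlite3 (Tongda OA itself is PHP on MySQL; sqlite3 is used so the example runs stand-alone). The table wiki_project, its columns, the sample rows and the assumption that PROJ_ID_STR is a comma-separated list of project IDs spliced into an IN (...) clause are all constructed for the example; the page does not give the real table or column names.

```python
"""Model of an injectable bulk-delete handler and a hardened replacement.
Added example, not Tongda OA code. Tongda OA runs PHP on MySQL; sqlite3 stands in here.
The table/column names and the comma-separated-ID shape of PROJ_ID_STR are assumptions."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the OA wiki project table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE wiki_project (PROJ_ID INTEGER PRIMARY KEY, PROJ_NAME TEXT, OWNER TEXT)")
    con.executemany("INSERT INTO wiki_project VALUES (?, ?, ?)", [
        (1, "Q1 budget", "alice"),
        (2, "Hiring plan", "alice"),
        (3, "Board minutes", "bob"),
        (4, "Audit findings", "carol"),
    ])
    con.commit()
    return con


def delete_vulnerable(con: sqlite3.Connection, proj_id_str: str) -> int:
    """CWE-89 pattern: the request parameter is spliced straight into the statement."""
    sql = f"DELETE FROM wiki_project WHERE PROJ_ID IN ({proj_id_str})"
    return con.execute(sql).rowcount


def parse_id_list(proj_id_str: str) -> list[int]:
    """Allow-list: accept only decimal integers separated by commas; reject everything else."""
    if not re.fullmatch(r"\d+(,\d+)*", proj_id_str):
        raise ValueError(f"rejected PROJ_ID_STR: {proj_id_str!r}")
    return [int(tok) for tok in proj_id_str.split(",")]


def delete_hardened(con: sqlite3.Connection, proj_id_str: str, caller: str) -> int:
    """Validated IDs bound as parameters, plus an authorization check on the caller."""
    ids = parse_id_list(proj_id_str)
    placeholders = ",".join("?" * len(ids))  # one bound parameter per ID: "?,?,?"
    sql = f"DELETE FROM wiki_project WHERE OWNER = ? AND PROJ_ID IN ({placeholders})"
    return con.execute(sql, [caller, *ids]).rowcount


def remaining_ids(con: sqlite3.Connection) -> list[int]:
    """IDs still present, used to show what each handler actually removed."""
    return [row[0] for row in con.execute("SELECT PROJ_ID FROM wiki_project ORDER BY PROJ_ID")]


# Classic payload shape: close the IN (...) list, append a tautology, comment out the rest.
PAYLOAD = "1) OR 1=1 -- "

if __name__ == "__main__":
    con = make_db()
    print("vulnerable, normal input deletes", delete_vulnerable(con, "1,2"), "rows")        # 2
    con = make_db()
    print("vulnerable, payload deletes", delete_vulnerable(con, PAYLOAD), "rows")           # 4
    con = make_db()
    print("hardened, alice deletes her own", delete_hardened(con, "1,2", "alice"), "rows")  # 2
    print("hardened, alice on bob's project", delete_hardened(con, "3", "alice"), "rows")   # 0
    try:
        delete_hardened(con, PAYLOAD, "alice")
    except ValueError as err:
        print("hardened rejects payload:", err)
```

The hardened version does two separate things, and both matter: the allow-list and bound parameters stop the injection, while the OWNER check stops a legitimate-looking ID list from deleting records the caller has no right to touch. A fix that only parameterizes the query still lets any PR:L user delete arbitrary projects by ID.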

Potential Impact

Tongda OA is a Chinese office automation suite used for internal collaboration, workflow and document management, so European exposure is concentrated in organizations that have adopted it for their own or a parent company's processes; wherever it runs, it typically holds project, approval and personnel data for the whole organization. Successful exploitation lets an authenticated user read, alter or delete data they are not authorized to touch, which is both a data-protection incident and, on a delete endpoint, a direct availability risk for business records. Since the same database typically holds the OA user accounts, a compromise can also serve as a stepping stone to further account takeover and lateral movement inside the corporate network. The medium CVSS rating reflects the authentication requirement and the partial impact scores, not a low likelihood: a public proof of concept exists, and every OA account satisfies PR:L, so any phished or disgruntled employee is a capable attacker. Organizations in regulated sectors such as finance, healthcare and government additionally face GDPR breach-notification obligations and potential legal consequences if personal data is exposed.

Mitigation Recommendations

Upgrade Tongda OA 2017 to version 11.10 or later; that is the only real fix, because the flaw is in vendor code. Until the upgrade is applied: (1) add an allow-list rule for general/wiki/cp/ct/delete.php at the web application firewall (WAF) or reverse proxy so that PROJ_ID_STR is accepted only when it is a comma-separated list of decimal integers, which is far harder to bypass than a deny-list of known SQL payloads; (2) run the OA application under a database account with only the privileges it needs (on MySQL, which Tongda OA uses, no FILE, SUPER or administrative privileges and no access to other schemas), so an injected statement cannot read server files or reach other databases; (3) enable database query logging or database activity monitoring and alert on statements from the OA account that contain comment sequences, tautologies or UNION clauses; (4) log and review requests to the affected endpoint, bearing in mind that if PROJ_ID_STR is submitted in a POST body it will not appear in ordinary web-server access logs and must be captured at the WAF or application layer; (5) segment the OA server and its database from other internal systems to limit lateral movement; and (6) review which accounts can reach the wiki module, since PR:L means any valid OA login is sufficient. Keep an incident response procedure for web application attacks ready, and apply vendor security patches promptly.
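As an added example for the log-review recommendation above (not part of the original advisory), the following Python check runs over constructed Apache/nginx combined-format access-log lines and flags requests to general/wiki/cp/ct/delete.php whose PROJ_ID_STR is anything other than a comma-separated list of integers. The log lines, IP addresses and usernames are made up. The check only sees GET query strings; a POST-submitted parameter never reaches the access log, which is exactly why the same allow-list logic belongs on the WAF or in application-level logging.

```python
"""Flag requests to the CVE-2023-6276 endpoint whose PROJ_ID_STR is not a plain ID list.
Added example; the log lines below are constructed, not real Tongda OA traffic."""
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/general/wiki/cp/ct/delete.php"
PARAM = "PROJ_ID_STR"
# The only shape the legitimate application should ever send: decimal IDs separated by commas.
ID_LIST = re.compile(r"\d+(,\d+)*")
# Apache/nginx "combined" format; only the fields used here are captured.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: one legitimate delete, two injection probes from the same client,
# a payload against an unrelated path, and a POST whose body the access log cannot show.
SAMPLE_LOG = """\
10.0.0.5 - alice [24/Nov/2023:10:01:02 +0000] "GET /general/wiki/cp/ct/delete.php?PROJ_ID_STR=12,13 HTTP/1.1" 200 512
10.0.0.9 - bob [24/Nov/2023:10:05:44 +0000] "GET /general/wiki/cp/ct/delete.php?PROJ_ID_STR=1)%20OR%201%3D1--%20 HTTP/1.1" 200 498
10.0.0.9 - bob [24/Nov/2023:10:06:10 +0000] "GET /general/wiki/cp/ct/delete.php?PROJ_ID_STR=1)%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 498
10.0.0.7 - carol [24/Nov/2023:10:07:00 +0000] "GET /general/index.php?PROJ_ID_STR=1)%20OR%201%3D1 HTTP/1.1" 200 2048
10.0.0.5 - alice [24/Nov/2023:10:08:31 +0000] "POST /general/wiki/cp/ct/delete.php HTTP/1.1" 200 512
"""


def suspicious_requests(lines):
    """Return one dict per request that targets ENDPOINT with a malformed PROJ_ID_STR."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than crash on junk
        url = urlsplit(m["target"])
        if url.path != ENDPOINT:
            continue  # scoped to the vulnerable script; widen if you want a generic SQLi sweep
        # parse_qs percent-decodes, so "1)%20OR%201%3D1--%20" becomes "1) OR 1=1-- ".
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not ID_LIST.fullmatch(value):
                hits.append({"ip": m["ip"], "user": m["user"], "ts": m["ts"],
                             "method": m["method"], PARAM: value})
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['ip']} user={hit['user']} {PARAM}={hit[PARAM]!r}")
```

Run against the sample, the check reports only bob's two probes. The POST on the last line passes silently even though it is the same endpoint, which is the blind spot the mitigation text warns about; the legitimate "12,13" request is not flagged, so the rule can alert without drowning analysts in normal deletes.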

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2023-11-24T07:43:51.114Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 683f034a182aa0cae27e6630

Added to database: 6/3/2025, 2:14:34 PM

Last enriched: 7/4/2025, 4:25:25 PM

Last updated: 7/31/2025, 12:14:55 AM

