Tongda2000 is a web-based intelligent office system from Tongda, China. a SQL injection vulnerability exists in Tongda2000 v11.10, which stems from the productβs failure to effectively filter the special characters in the DELETE_STR parameter data in the change_box.php file. An attacker could use this vulnerability to execute malicious SQL.