5Kcrm Wukongcrm vulnerabilities
5 known vulnerabilities affecting 5kcrm/wukongcrm.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-2141P3HIGHCVSS 8.8≥ 11.0, ≤ 11.3.32026-02-08
CVE-2026-2141 [HIGH] CWE-266 CVE-2026-2141: A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unkn
A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit h
nvd
CVE-2024-23052P3CRITICALCVSS 9.8v9.0.1_201912022024-02-29
CVE-2024-23052 [CRITICAL] CWE-502 CVE-2024-23052: An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute ar
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.
nvd
CVE-2025-5521P3HIGHCVSS 8.8v9.02025-06-03
CVE-2025-5521 [HIGH] CWE-352 CVE-2025-5521: A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Af
A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The
nvd
CVE-2025-60828P4MEDIUMCVSS 6.5v9.02025-10-08
CVE-2025-60828 [MEDIUM] CWE-502 CVE-2025-60828: WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExa
WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface.
nvd
CVE-2025-8852P4MEDIUMCVSS 4.3v11.02025-08-11
CVE-2025-8852 [MEDIUM] CWE-200 CVE-2025-8852: A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of t
A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
nvd