cbcvebase.

Shanghai Lingdang Information Technology Lingdang Crm vulnerabilities

8 known vulnerabilities affecting shanghai_lingdang_information_technology/lingdang_crm.

Total CVEs
8
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH3

Vulnerabilities

Page 1 of 1
CVE-2025-9140P2HIGHCVSS 8.8PoCv8.6.4.0v8.6.4.1+6 more2025-08-19
CVE-2025-9140 [HIGH] CWE-74 CVE-2025-9140: A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4. A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly av
nvd
CVE-2025-0463P3CRITICALCVSS 9.8v8.6.02025-01-14
CVE-2025-0463 [CRITICAL] CWE-284 CVE-2025-0463: A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0. It A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0. It has been classified as critical. Affected is an unknown function of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument name leads to unrestrict
nvd
CVE-2025-0462P3CRITICALCVSS 9.8v8.6.02025-01-14
CVE-2025-0462 [CRITICAL] CWE-74 CVE-2025-0462: A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as critical. This issue affects some unknown processing of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1. The manipulation of the argument searchcontent leads to sql injection. The att
nvd
CVE-2025-8345P3CRITICALCVSS 9.8v8.6.4.0v8.6.4.1+6 more2025-07-31
CVE-2025-8345 [CRITICAL] CWE-74 CVE-2025-8345: A vulnerability classified as critical was found in Shanghai Lingdang Information Technology Lingdan A vulnerability classified as critical was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this vulnerability is the function delete_user of the file crm/WeiXinApp/yunzhijia/yunzhijiaApi.php. The manipulation of the argument function leads to sql injection. The attack can be launched remotely. The exploit has
nvd
CVE-2025-8219P3CRITICALCVSS 9.8v8.6.4.0v8.6.4.1+6 more2025-07-27
CVE-2025-8219 [CRITICAL] CWE-74 CVE-2025-8219: A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It has been rated as critical. This issue affects some unknown processing of the file /crm/crmapi/erp/tabdetail_moduleSave_dxkp.php of the component HTTP POST Request Handler. The manipulation of the argument getvaluestring leads to sql injection. The at
nvd
CVE-2025-8908P3CRITICALCVSS 9.8v8.6.5.0v8.6.5.1+3 more2025-08-13
CVE-2025-8908 [CRITICAL] CWE-74 CVE-2025-8908: A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5. A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and
nvd
CVE-2025-5005P3HIGHCVSS 7.3v8.6.5.0v8.6.5.1+3 more2025-09-09
CVE-2025-5005 [HIGH] CWE-918 CVE-2025-5005: A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulation of the argument corpurl results in server-side request forgery. The attack can be launched remotely. The exploit is now public and may be used. The vend
nvd
CVE-2025-0461P3HIGHCVSS 7.5v8.6.02025-01-14
CVE-2025-0461 [HIGH] CWE-22 CVE-2025-0461: A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0. A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument pathfile leads to path
nvd
Shanghai Lingdang Information Technology Lingdang Crm vulnerabilities | cvebase