CNNVD-202508-1372 Information

CNNVD ID

CNNVD-202508-1372

Related CVE

CVE-2025-8908

• CNNVD Published: 2025-08-13

Description (Chinese)

Lingdang CRM（灵当CRM）是中国灵当（Lingdang）公司的一个客户关系管理系统。 Lingdang CRM 8.6.5.4及之前版本存在安全漏洞，该漏洞源于文件crm/WeiXinApp/yunzhijia/event.php中openid参数操作导致SQL注入攻击。

Description (English)

Lingdang CRM is a customer relationship management system for Lingdang, China. Lingdang CRM 8.6.5.4 and previous versions contain a security loophole, which stems from the operation of the Openid parameter in document crm/WeiXinApp/yunzhijia/event.php, which resulted in the SQL injection attack.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

灵当

Published

2025-08-13

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.319862 https://github.com/jackyliu666/event/ https://vuldb.com/?submit.626276 https://vuldb.com/?id.319862 https://github.com/jackyliu666/blob2/blob/main/README.md https://nvd.nist.gov/vuln/detail/CVE-2025-8908