CNNVD-202508-2099 Information

Aug 19, 2025 cve

CNNVD ID

CNNVD-202508-2099

CVE-2025-9140

CNNVD Published: 2025-08-19

Description (Chinese)

Lingdang CRM（灵当CRM）是中国灵当（Lingdang）公司的一个客户关系管理系统。 Lingdang CRM 8.6.4.7及之前版本存在SQL注入漏洞，该漏洞源于/crm/crmapi/erp/tabdetail_moduleSave.php文件getvaluestring参数操作不当，可能导致SQL注入。

Description (English)

Lingdang CRM is a customer relationship management system for Lingdang, China. Lingdang CRM 8.6.4.7 and earlier versions contain an injection loophole in SQL, which arises from/crm/crmapi/erp/tabdetail moduleSave.php filegetvaluestring parameters that may have been misfunctioning and may have led to SQL injections.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

灵当

Published

2025-08-19

Last Modified

2026-02-24

References

https://www.notion.so/SQL2-2459bb66b0a5802ba8e9ca5bc775fc7d?source=copy_link https://vuldb.com/?ctiid.320520 https://vuldb.com/?submit.628087 https://vuldb.com/?id.320520 https://access.redhat.com/security/cve/cve-2025-9140 https://nvd.nist.gov/vuln/detail/CVE-2025-9140 https://www.exploit-db.com/exploits/52420

Share on: