CNNVD-202509-1237 Information

CNNVD ID

CNNVD-202509-1237

Related CVE

CVE-2025-5005

• CNNVD Published: 2025-09-09

Description (Chinese)

Lingdang CRM（灵当CRM）是中国灵当（Lingdang）公司的一个客户关系管理系统。 Lingdang CRM 8.6.5.4及之前版本存在安全漏洞，该漏洞源于对文件crm/WeiXinApp/dingtalk/index_event.php中参数corpurl的错误操作导致服务端请求伪造。

Description (English)

Lingdang CRM is a customer relationship management system for Lingdang, China. Lingdang CRM 8.6.5.4 and previous versions contain a security loophole, which stems from the mishandling of the parameter curpurl in document crm/WeiXinApp/dingtalk/index event.php, which resulted in the forgery of the service request.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

灵当

Published

2025-09-09

Last Modified

2026-02-24

References

https://vuldb.com/?submit.636882 https://vuldb.com/?ctiid.323233 https://vuldb.com/?id.323233 https://github.com/jackyliu666/dingtalk https://access.redhat.com/security/cve/cve-2025-5005