CNNVD-202602-2103 Information

CNNVD ID

CNNVD-202602-2103

CVE-2025-70981

  • CNNVD Published: 2026-02-12

Description

FIT2CLOUD CordysCRM is a customer relationship management system from the Chinese company FIT2CLOUD. FIT2CLOUD CordysCRM version 1.4.1 contains a security vulnerability caused by a flaw in the departmentIds parameter of the /user/list interface, which may lead to SQL injection attacks.

Vulnerability Type

Other

Affected Vendor

FIT2CLOUD (飞致云)

Published

2026-02-12

Last Modified

2026-02-24

References

https://github.com/Tomikun2/SQL-Injection-in-CordysCRM/blob/main/README.md

https://access.redhat.com/security/cve/cve-2025-70981

Patch

https://community.fit2cloud.com/#/products/cordys-crm/downloads
