Paatiw

#8190of 53,635
33.6Total CVSS
Vulnerabilities · 4
Medium
1
High
1
Critical
2
PT-2025-49396
6.5
2025-12-07
Yonyou · Yonyou U8 Cloud · CVE-2025-14185
**Name of the Vulnerable Software and Affected Versions** Yonyou U8 Cloud versions 5.0, 5.0sp, 5.1, and 5.1sp **Description** A SQL injection issue exists in Yonyou U8 Cloud. The issue is due to manipulation of the `usercode` argument within an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. This manipulation can be exploited remotely. The exploit is publicly available. **Recommendations** Versions prior to 5.0sp, 5.1, and 5.1sp should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-36770
7.5
2025-09-09
Shanghai Lingdang Information Technology · Lingdang Crm · CVE-2025-5005
Name of the Vulnerable Software and Affected Versions: Lingdang CRM versions through 8.6.5.4 Description: A server-side request forgery (SSRF) issue exists in Shanghai Lingdang Information Technology Lingdang CRM. The vulnerability is due to the manipulation of the `corpurl` argument within an unknown function of the `crm/WeiXinApp/dingtalk/index event.php` file. This allows for remote attacks. The exploit is publicly available. Recommendations: Versions prior to 8.6.5.4: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-32987
9.8
2025-08-13
Unknown · Lingdang Crm · CVE-2025-8908
Name of the Vulnerable Software and Affected Versions: Lingdang CRM versions through 8.6.5.4 Description: A SQL injection issue exists in the crm/WeiXinApp/yunzhijia/event.php file. Manipulation of the `openid` argument can lead to SQL injection, and the attack can be launched remotely. The exploit has been publicly disclosed and may be used. Recommendations: Upgrade to version 8.6.5 or later. Upgrade the affected component.
PT-2025-31468
9.8
2025-07-31
Shanghai Lingdang Information Technology · Lingdang Crm · CVE-2025-8345
**Name of the Vulnerable Software and Affected Versions** Lingdang CRM versions up to 8.6.4.7 **Description** A critical issue exists in Shanghai Lingdang Information Technology Lingdang CRM. The `delete user` function within the `crm/WeiXinApp/yunzhijia/yunzhijiaApi.php` file is susceptible to SQL injection due to manipulation of the `function` argument. This allows for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** Upgrade to version 8.6.5.2 to address this issue.