Xcdw666

**Name of the Vulnerable Software and Affected Versions** Lingdang CRM versions up to 8.6.4.7 **Description** A vulnerability exists in the HTTP POST Request Handler component of Lingdang CRM. The manipulation of the `getvaluestring` argument in the `/crm/crmapi/erp/tabdetail moduleSave dxkp.php` endpoint leads to SQL injection. The attack can be initiated remotely. **Recommendations** Upgrade to version 8.6.5.2 or later.