PT-2025-30087 · Bosssoft · Bosssoft Crm Version 6.0
Cc2024K · Published 2025-07-18 · Updated 2025-07-18 · CVE-2025-7801
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
BossSoft CRM version 6.0
Description
A critical issue exists in BossSoft CRM 6.0 related to SQL injection. The vulnerability is located in an unknown functionality within the file /crm/module/HNDCBas customPrmSearchDtl.jsp. Manipulation of the cstid argument can lead to exploitation, allowing for remote attacks. The exploit has been publicly disclosed.
Recommendations
Address the SQL injection issue in the /crm/module/HNDCBas customPrmSearchDtl.jsp file by sanitizing or validating the cstid argument.
Exploit
Fix
Special Elements Injection
SQL injection
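One way to review web access logs for requests to the affected JSP whose cstid value falls outside an allow-list, added here as an example and not taken from the advisory or the vendor. The combined log format, the alphanumeric cstid pattern and the sample log lines are assumptions; parameters sent in a POST body do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate cstid values are short alphanumeric identifiers.
CSTID_OK = re.compile(r"[A-Za-z0-9_-]{1,32}")

def is_target(path):
    """True for the JSP named in the advisory. Matched by directory prefix and
    file-name suffix because the page renders the middle of the path with a space."""
    return path.startswith("/crm/module/") and path.endswith("customPrmSearchDtl.jsp")

def suspicious_cstid(log_lines):
    """Return (client_ip, decoded cstid) for each request to the target JSP
    whose cstid value does not match the allow-list pattern."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not is_target(unquote(url.path)):
            continue
        # parse_qs percent-decodes values, so encoded metacharacters are seen as-is.
        for value in parse_qs(url.query, keep_blank_values=True).get("cstid", []):
            if not CSTID_OK.fullmatch(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - - [18/Jul/2025:10:00:01 +0000] "GET /crm/module/HNDCBas%20customPrmSearchDtl.jsp?cstid=10023 HTTP/1.1" 200 512',
    '198.51.100.7 - - [18/Jul/2025:10:00:05 +0000] "GET /crm/module/HNDCBas%20customPrmSearchDtl.jsp?cstid=10023%27 HTTP/1.1" 500 1024',
    '198.51.100.7 - - [18/Jul/2025:10:00:09 +0000] "GET /crm/index.jsp?cstid=1%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, value in suspicious_cstid(SAMPLE_LOG):
        print(f"{ip} sent out-of-pattern cstid: {value!r}")
```

The same allow-list pattern can be enforced server-side on cstid before the value reaches any query, once the real identifier format is confirmed.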
Affected Products
Bosssoft Crm Version 6.0