CVE-2025-8219

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Lingdang CRM versions up to 8.6.4.7

Description A vulnerability exists in the HTTP POST Request Handler component of Lingdang CRM. The manipulation of the getvaluestring argument in the /crm/crmapi/erp/tabdetail moduleSave dxkp.php endpoint leads to SQL injection. The attack can be initiated remotely.

Recommendations Upgrade to version 8.6.5.2 or later.

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-8219

Affected Products

Lingdang Crm

CVE-2025-8219

Weakness Enumeration

Related Identifiers

Affected Products

References · 9