A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://vuldb.com/?ctiid.283969 | Permissions Required VDB Entry |
https://vuldb.com/?id.283969 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.436675 | Third Party Advisory VDB Entry |
https://wiki.shikangsi.com/post/share/4d05b8c3-5464-48f3-bb14-a852b6e70abc | Exploit Third Party Advisory |
Configurations
History
27 Aug 2025, 21:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:51mis:lingdang_crm:*:*:*:*:*:*:*:* | |
Summary |
|
|
First Time |
51mis
51mis lingdang Crm |
|
References | () https://vuldb.com/?ctiid.283969 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.283969 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.436675 - Third Party Advisory, VDB Entry | |
References | () https://wiki.shikangsi.com/post/share/4d05b8c3-5464-48f3-bb14-a852b6e70abc - Exploit, Third Party Advisory |
12 Nov 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
12 Nov 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A vulnerability classified as critical was found in ???????????? Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
12 Nov 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-12 13:15
Updated : 2025-08-27 21:01
NVD link : CVE-2024-11121
Mitre link : CVE-2024-11121
CVE.ORG link : CVE-2024-11121
JSON object : View
Products Affected
51mis
- lingdang_crm