CVE-2025-70981 | CordysCRM 1.4.1 Employee List Query Interface /user/list departmentIds sql injection

Inserito da Angelo Barbosa | Feb 12, 2026 | CVE

A vulnerability was found in CordysCRM 1.4.1. It has been declared as critical. The impacted element is an unknown function of the file /user/list of the component Employee List Query Interface. The manipulation of the argument departmentIds results in sql injection.

This vulnerability is reported as CVE-2025-70981. The attack can be launched remotely. No exploit exists.

CVE-2025-70981 | CordysCRM 1.4.1 Employee List Query Interface /user/list departmentIds sql injection

Post correlati

CVE-2024-2015 | ZhiCms 4.0 mcontroller.php getindexdata key sql injection

CVE-2024-21613 | Juniper Junos OS/Junos OS Evolved rpd memory leak (JSA75754)

CVE-2024-5606 | Quiz and Survey Master Plugin up to 9.0.1 on WordPress qsm_bulk_delete_question_from_database question_id sql injection

CVE-2024-6221 | corydolphin flask-cors up to 4.0.1 Configuration Options access control