CVE-2025-5005 | Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4 index_event.php corpurl server-side request forgery

Inserito da Angelo Barbosa | Set 9, 2025 | CVE

A vulnerability classified as critical was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulation of the argument corpurl results in server-side request forgery.

This vulnerability is reported as CVE-2025-5005. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5005 | Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4 index_event.php corpurl server-side request forgery

Post correlati

CVE-2024-7007 | Positron Broadcast Signal Processor TRA7005 1.20/3.1/7.5 authentication bypass (icsa-24-207-02)

CVE-2024-25532 | RuvarOA 6.01/12.01 /include/get_dict.aspx bt_id sql injection

CVE-2025-9426 | itsourcecode Online Tour and Travel Management System 1.0 /package.php subcatid sql injection

CVE-2024-42786 | Kashipara Music Management System 1.0 View User Profile Page /music/view_user.php id sql injection