CVE-2025-8219 | Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7 HTTP POST Request tabdetail_moduleSave_dxkp.php getvaluestring sql injection

A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It has been rated as critical. This issue affects some unknown processing of the file /crm/crmapi/erp/tabdetail_moduleSave_dxkp.php of the component HTTP POST Request Handler. The manipulation of the argument getvaluestring leads to sql injection.

The identification of this vulnerability is CVE-2025-8219. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

The vendor explains: “All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+. We strongly advise all customers to upgrade to the current version (v8.6.5.2), which includes this fix and additional security enhancements.”

CVE-2025-8219 | Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7 HTTP POST Request tabdetail_moduleSave_dxkp.php getvaluestring sql injection

Post correlati

CVE-2023-48245 | Rexroth Nexo Cordless Nutrunner up to V1500-SP2 HTTP Request authorization

CVE-2024-56743 | Linux Kernel up to 6.12.1 nfs_common Privilege Escalation

CVE-2024-9285 | Tu Yafeng Via Browser up to 5.9.0 on Android Javascript Bridge cross site scripting (MZ-25-01)

CVE-2024-36411 | SalesAgility SuiteCRM up to 7.14.3/8.6.0 EmailUIAjax displayView Controller sql injection