CVE-2025-9140 | Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7 tabdetail_moduleSave.php getvaluestring sql injection

A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7 and classified as critical. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to sql injection.

This vulnerability is traded as CVE-2025-9140. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The affected component should be upgraded.

The vendor explains: “All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+.”

CVE-2025-9140 | Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7 tabdetail_moduleSave.php getvaluestring sql injection

Post correlati

CVE-2024-29666 | CMSV6 up to 7.32.0.3 default password

CVE-2025-20058 | F5 BIG-IP up to 17.1.1 Message Routing Profile resource consumption (K000140947)

CVE-2024-6745 | code-projects Simple Ticket Booking 1.0 Login adminauthenticate.php email/password sql injection

CVE-2023-51965 | Tenda AX1803 1.0.0.1 setIptvInfo stbpvid stack-based overflow