CVE-2024-11121 | 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3 index.php?module=Users&action=getActionList userid sql injection

A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of the argument userid leads to sql injection.

This vulnerability is known as CVE-2024-11121. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11121 | 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3 index.php?module=Users&action=getActionList userid sql injection

Related Posts

CVE-2024-27984 | Ivanti Avalanche up to 6.4.2 Web denial of service

CVE-2024-8037 | Canonical Juju up to 2.9.50/3.1.9/3.3.6/3.4.5/3.5.3 Unix Domain Socket agent.socket Local Privilege Escalation (GHSA-8v4w-f4r9-7h6x)

CVE-2024-26937 | Linux Kernel up to 6.9-rc1 queue_priority_hint buffer overflow

CVE-2024-5322 | N-able N-central 2023.4/2023.6 authentication bypass