CVE-2024-11121 | 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3 index.php?module=Users&action=getActionList userid sql injection

A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of the argument userid leads to sql injection.

This vulnerability is known as CVE-2024-11121. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11121 | 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3 index.php?module=Users&action=getActionList userid sql injection

Related Posts

CVE-2023-5594 | ESET NOD32 Antivirus prior 1464 certificate validation

CVE-2024-0528 | CXBSoft Post-Office 1.0 HTTP POST Request update_go.php version sql injection

CVE-2024-40509 | openPetra 2023.02 serverMFinDev.asmx cross site scripting

CVE-2023-52915 | Linux Kernel up to 6.5.4 Media az6027_i2c_xfer null pointer dereference