CVE-2024-11122 | 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3 index.php?msgid=1&operation=upload file unrestricted upload

A vulnerability, which was classified as critical, has been found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this issue is some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the argument file leads to unrestricted upload.

This vulnerability is handled as CVE-2024-11122. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11122 | 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3 index.php?msgid=1&operation=upload file unrestricted upload

Related Posts

CVE-2023-21634 | Qualcomm 835 Mobile PC Platform Radio Interface Layer memory corruption

CVE-2024-21094 | Oracle Java SE Hotspot Remote Code Execution

CVE-2024-38319 | IBM Security SOAR 51.0.2.0 code injection (XFDB-294830)

CVE-2024-35743 | Siteclean SC Filechecker Plugin up to 0.6 on WordPress path traversal