CVE-2024-11122 | 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3 index.php?msgid=1&operation=upload file unrestricted upload

A vulnerability, which was classified as critical, has been found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this issue is some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the argument file leads to unrestricted upload.

This vulnerability is handled as CVE-2024-11122. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11122 | 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3 index.php?msgid=1&operation=upload file unrestricted upload

Related Posts

CVE-2024-46466 | ZONECENTRAL up to 2021.2/2024.3 on Windows Privilege Escalation

CVE-2024-1693 | SP Project & Document Manager Plugin up to 4.70 on WordPress Folder Name access control

CVE-2024-26592 | Linux Kernel up to 6.1.74/6.6.13/6.7.1 ksmbd ksmbd_tcp_new_connection use after free

CVE-2024-49313 | RudeStan VKontakte Wall Post Plugin up to 2.0 on WordPress cross-site request forgery