CVE-2024-11123 | 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3 /crm/data/pdf.php url path traversal

A vulnerability, which was classified as problematic, was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal.

This vulnerability is uniquely identified as CVE-2024-11123. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11123 | 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3 /crm/data/pdf.php url path traversal

Related Posts

CVE-2024-7906 | DedeBIZ 6.3.0 Attachment Settings select_images_post.php get_mime_type upload unrestricted upload

CVE-2024-23663 | Fortinet FortiExtender up to 7.0.4/7.2.4/7.4.2 HTTP access control (FG-IR-23-459)

CVE-2024-6213 | SourceCodester Food Ordering Management System up to 1.0 Login Panel login.php username sql injection

CVE-2024-38634 | Linux Kernel up to 6.9.3 serial_core.c uart_handle_cts_change Privilege Escalation