Lucene search
K

CVE-2025-0463

๐Ÿ—“๏ธย 14 Jan 2025ย 17:00:14Reported byย VulDBTypeย 
cve
ย cve
๐Ÿ”—ย web.nvd.nist.gov๐Ÿ‘ย 40ย Views๐ŸŒ WEB

Critical vulnerability in Lingdang CRM allows unrestricted upload via index.php, risk of remote attack.

Related
Detection
Affected
Refs
Paths
NVD
Vulners
Node
51mislingdang_crmMatch8.6.0.0
[
  {
    "vendor": "Shanghai Lingdang Information Technology",
    "product": "Lingdang CRM",
    "versions": [
      {
        "version": "8.6.0",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
useridquery paramcrm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=SinginUnrestricted upload via manipulation of parameter name in UsersAjax endpointCWE-284,ย CWE-434
modulequery paramcrm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=SinginUnrestricted upload via manipulation of parameter name in UsersAjax endpointCWE-284,ย CWE-434
usidquery paramcrm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=SinginUnrestricted upload via manipulation of parameter name in UsersAjax endpointCWE-284,ย CWE-434
actionquery paramcrm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=SinginUnrestricted upload via manipulation of parameter name in UsersAjax endpointCWE-284,ย CWE-434
minipro_const_typequery paramcrm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=SinginUnrestricted upload via manipulation of parameter name in UsersAjax endpointCWE-284,ย CWE-434
related_modulequery paramcrm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=SinginUnrestricted upload via manipulation of parameter name in UsersAjax endpointCWE-284,ย CWE-434

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

28 Aug 2025 10:57Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.16.3 - 9.8
CVSS 45.3
CVSS 26.5
CVSS 36.3
EPSS0.00253
SSVC
40