Vulners
Lucene search
CVE-2025-0463
๐๏ธย 14 Jan 2025ย 17:00:14Reported byย VulDBTypeย 
ย cve๐ย web.nvd.nist.gov๐ย 40ย Views๐ WEB
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | CVE-2025-0463 | 14 Jan 202517:03 | โ | circl |
 | Lingdang CRM ๅฎๅ จๆผๆด | 14 Jan 202500:00 | โ | cnnvd |
 | CVE-2025-0463 Shanghai Lingdang Information Technology Lingdang CRM index.php unrestricted upload | 14 Jan 202517:00 | โ | cvelist |
 | EUVD-2025-1691 | 3 Oct 202520:07 | โ | euvd |
 | CVE-2025-0463 | 14 Jan 202517:15 | โ | nvd |
 | PT-2025-3899 ยท Shanghai Lingdang Information Technology ยท Lingdang Crm | 14 Jan 202500:00 | โ | ptsecurity |
 | CVE-2025-0463 | 23 May 202511:57 | โ | redhatcve |
 | CVE-2025-0463 Shanghai Lingdang Information Technology Lingdang CRM index.php unrestricted upload | 14 Jan 202517:00 | โ | vulnrichment |
Node
[
{
"vendor": "Shanghai Lingdang Information Technology",
"product": "Lingdang CRM",
"versions": [
{
"version": "8.6.0",
"status": "affected"
}
]
}
]| Source | Link |
|---|---|
| vuldb | www.vuldb.com/ |
| vuldb | www.vuldb.com/ |
| github | www.github.com/BxYQ/ld/blob/main/File_Upload_vul.doc |
| vuldb | www.vuldb.com/ |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| userid | query param | crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin | Unrestricted upload via manipulation of parameter name in UsersAjax endpoint | CWE-284,ย CWE-434 |
| module | query param | crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin | Unrestricted upload via manipulation of parameter name in UsersAjax endpoint | CWE-284,ย CWE-434 |
| usid | query param | crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin | Unrestricted upload via manipulation of parameter name in UsersAjax endpoint | CWE-284,ย CWE-434 |
| action | query param | crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin | Unrestricted upload via manipulation of parameter name in UsersAjax endpoint | CWE-284,ย CWE-434 |
| minipro_const_type | query param | crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin | Unrestricted upload via manipulation of parameter name in UsersAjax endpoint | CWE-284,ย CWE-434 |
| related_module | query param | crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin | Unrestricted upload via manipulation of parameter name in UsersAjax endpoint | CWE-284,ย CWE-434 |
Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Aug 2025 10:57Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.16.3 - 9.8
CVSS 45.3
CVSS 26.5
CVSS 36.3
EPSS0.00253
SSVC