3 matches found
CVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...
CVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...
CVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter. Root cause: unsanitized input leading to SQLi. Impact: high confidentiality, integrity, and availability impact per CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:...