Shanghai Lingdang Information Technology Lingdang CRM tabdetail_moduleSave.php sql injection

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 8.6.5.4 can resolve this issue. The affected component should be upgraded. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+."

Basic Information

ID CVE-2025-9140

Source VulDB

Published Aug 19, 2025 at 13:32

Modified Aug 19, 2025 at 13:42

Affected Product

Vendor Shanghai Lingdang Information Technology

Product Lingdang CRM

Version 8.6.4.0

Affected Versions Shanghai Lingdang Information Technology Lingdang CRM 8.6.4.0
Shanghai Lingdang Information Technology Lingdang CRM 8.6.4.1
Shanghai Lingdang Information Technology Lingdang CRM 8.6.4.2
Shanghai Lingdang Information Technology Lingdang CRM 8.6.4.3
Shanghai Lingdang Information Technology Lingdang CRM 8.6.4.4
Shanghai Lingdang Information Technology Lingdang CRM 8.6.4.5
Shanghai Lingdang Information Technology Lingdang CRM 8.6.4.6
Shanghai Lingdang Information Technology Lingdang CRM 8.6.4.7

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 8.6.5.4 can resolve this issue. The affected component should be upgraded. The vendor explains: \"All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+.\"",
    "published": "2025-08-19T13:32:06.591Z",
    "modified": "2025-08-19T13:42:35.904Z",
    "type": "cve",
    "title": "Shanghai Lingdang Information Technology Lingdang CRM tabdetail_moduleSave.php sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.320520\nhttps://vuldb.com/?ctiid.320520\nhttps://vuldb.com/?submit.628087\nhttps://www.notion.so/SQL2-2459bb66b0a5802ba8e9ca5bc775fc7d?source=copy_link",
    "id": "CVE-2025-9140",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Shanghai Lingdang Information Technology Lingdang CRM 8.6.4.0\nShanghai Lingdang Information Technology Lingdang CRM 8.6.4.1\nShanghai Lingdang Information Technology Lingdang CRM 8.6.4.2\nShanghai Lingdang Information Technology Lingdang CRM 8.6.4.3\nShanghai Lingdang Information Technology Lingdang CRM 8.6.4.4\nShanghai Lingdang Information Technology Lingdang CRM 8.6.4.5\nShanghai Lingdang Information Technology Lingdang CRM 8.6.4.6\nShanghai Lingdang Information Technology Lingdang CRM 8.6.4.7",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Lingdang CRM",
    "version": "8.6.4.0",
    "vendor": "Shanghai Lingdang Information Technology",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Shanghai Lingdang Information Technology Lingdang CRM tabdetail_moduleSave.php sql injection_CVE-2025-9140