Shanghai Lingdang Information Technology Lingdang CRM index_event.php server-side request forgery

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulation of the argument corpurl results in server-side request forgery. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-5005

Source VulDB

Published Sep 9, 2025 at 16:32

Affected Product

Vendor Shanghai Lingdang Information Technology

Product Lingdang CRM

Version 8.6.5.0

Affected Versions Shanghai Lingdang Information Technology Lingdang CRM 8.6.5.0
Shanghai Lingdang Information Technology Lingdang CRM 8.6.5.1
Shanghai Lingdang Information Technology Lingdang CRM 8.6.5.2
Shanghai Lingdang Information Technology Lingdang CRM 8.6.5.3
Shanghai Lingdang Information Technology Lingdang CRM 8.6.5.4

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulation of the argument corpurl results in server-side request forgery. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-09T16:32:06.053Z",
    "modified": "2025-09-09T16:32:06.053Z",
    "type": "cve",
    "title": "Shanghai Lingdang Information Technology Lingdang CRM index_event.php server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323233\nhttps://vuldb.com/?ctiid.323233\nhttps://vuldb.com/?submit.636882\nhttps://github.com/jackyliu666/dingtalk",
    "id": "CVE-2025-5005",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "Shanghai Lingdang Information Technology Lingdang CRM 8.6.5.0\nShanghai Lingdang Information Technology Lingdang CRM 8.6.5.1\nShanghai Lingdang Information Technology Lingdang CRM 8.6.5.2\nShanghai Lingdang Information Technology Lingdang CRM 8.6.5.3\nShanghai Lingdang Information Technology Lingdang CRM 8.6.5.4",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Lingdang CRM",
    "version": "8.6.5.0",
    "vendor": "Shanghai Lingdang Information Technology",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Shanghai Lingdang Information Technology Lingdang CRM index_event.php server-side request forgery_CVE-2025-5005