CVE-2025-5005 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/…
Medium CVSS: 6.9

CVE-2025-5005

A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulation of the argument corpurl results in server-side request forgery. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Vendor
51mis
Product
Lingdang Crm
CWE
CWE-918
Yayın Tarihi
2025-09-09 17:16:15
Güncelleme
2025-10-09 20:16:41
Source Identifier
cna@vuldb.com
KEV Date Added
-

Kategoriler

CWE-918 Lingdang Crm MEDIUM 51mis 2025

Referanslar

https://github.com/jackyliu666/dingtalk https://vuldb.com/?ctiid.323233 https://vuldb.com/?id.323233 https://vuldb.com/?submit.636882 https://github.com/jackyliu666/dingtalk