VDB-283969 · CVE-2024-11121 · GCVE-100-283969

上海灵当信息科技有限公司 Lingdang CRM ଯେପର୍ଯ୍ୟନ୍ତ 8.6.4.3 index.php?module=Users&action=getActionList userid SQL ଇଞ୍ଜେକ୍ସନ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu 上海灵当信息科技有限公司 Lingdang CRM ଯେପର୍ଯ୍ୟନ୍ତ 8.6.4.3 keessatti argameera. Miidhaan irra gahe is hojii hin beekamne faayilii /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList keessa. Dhugumatti jijjiirraa irratti raawwatame userid gara SQL ଇଞ୍ଜେକ୍ସନ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-89 si geessa. Beekumsi kun yeroo 11/12/2024 ifoomsifameera. Odeeffannoon kun buufachuuf wiki.shikangsi.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2024-11121 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana wiki.shikangsi.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

2 ଆଡାପ୍ଟେସନ୍ · 98 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 11/12/2024 07:50 AM	ଅଦ୍ୟତନ 1/1 08/28/2025 10:09 AM
software_vendor	上海灵当信息科技有限公司	上海灵当信息科技有限公司
software_name	Lingdang CRM	Lingdang CRM
software_version	<=8.6.4.3	<=8.6.4.3
software_file	/crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList	/crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList
software_argument	userid	userid
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
advisory_url	https://wiki.shikangsi.com/post/share/4d05b8c3-5464-48f3-bb14-a852b6e70abc	https://wiki.shikangsi.com/post/share/4d05b8c3-5464-48f3-bb14-a852b6e70abc
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://wiki.shikangsi.com/post/share/4d05b8c3-5464-48f3-bb14-a852b6e70abc	https://wiki.shikangsi.com/post/share/4d05b8c3-5464-48f3-bb14-a852b6e70abc
source_cve	CVE-2024-11121	CVE-2024-11121
cna_responsible	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
software_type	Customer Relationship Management System	Customer Relationship Management System
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	L	L
cvss4_vuldb_vi	L	L
cvss4_vuldb_va	L	L
cvss4_vuldb_e	P	P
cvss2_vuldb_au	S	S
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_pr	L	L
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7
cvss3_meta_basescore	6.3	7.5
cvss3_meta_tempscore	5.7	7.3
cvss4_vuldb_bscore	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1
advisory_date	1731366000 (11/12/2024)	1731366000 (11/12/2024)
price_0day	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
cve_nvd_summaryes		Se ha encontrado una vulnerabilidad clasificada como crítica en ???????????? Lingdang CRM hasta la versión 8.6.4.3. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. La manipulación del argumento userid conduce a una inyección SQL. El ataque se puede ejecutar de forma remota. El exploit se ha divulgado al público y puede utilizarse. Se contactó al proveedor con anticipación sobre esta divulgación, pero no respondió de ninguna manera.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		L
cvss4_cna_ui		N
cvss4_cna_vc		L
cvss4_cna_vi		L
cvss4_cna_va		L
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		5.3
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		L
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		L
cvss3_cna_i		L
cvss3_cna_a		L
cvss3_cna_basescore		6.3
cvss3_nvd_av		N
cvss3_nvd_ac		L
cvss3_nvd_pr		N
cvss3_nvd_ui		N
cvss3_nvd_s		U
cvss3_nvd_c		H
cvss3_nvd_i		H
cvss3_nvd_a		H
cvss3_nvd_basescore		9.8
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		S
cvss2_cna_ci		P
cvss2_cna_ii		P
cvss2_cna_ai		P
cvss2_cna_basescore		6.5

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Interested in the pricing of exploits?

See the underground prices here!