SQL Injection Vulnerability in Lingdang CRM by Shanghai Lingdang Information Technology
CVE-2025-8219

5.3 MEDIUM

What is CVE-2025-8219?

A SQL injection vulnerability has been identified in Lingdang CRM, in the HTTP POST request handler at /crm/crmapi/erp/tabdetail_moduleSave_dxkp.php. The handler does not sufficiently validate its input parameters, so an attacker can manipulate the 'getvaluestring' argument to inject SQL. The attack can be carried out remotely and poses a significant risk to data integrity and confidentiality. Users of affected versions should upgrade to version 8.6.5.2 or later, which addresses the issue with parameterized queries and improved input sanitization.

Affected Version(s)

Lingdang CRM 8.6.4.0

Lingdang CRM 8.6.4.1

Lingdang CRM 8.6.4.2

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

xcdw666 (VulDB User)