Shanghai Lingdang Information Technology Lingdang CRM Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in Shanghai Lingdang Information Technology Lingdang CRM versions through 8.6.0.0. The issue lies in an unknown function in the file '/crm/weixinmp/index.php', where manipulating the 'name' argument allows files to be uploaded without restriction. The vulnerability can be exploited remotely.

Impact

Exploitation allows unrestricted file uploads. The resulting attacks depend on the type of file uploaded and include executing malicious scripts or causing a denial of service.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.0
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.