CVE-2025-8345 MEDIUM

CVE-2025-8345: Shanghai Lingdang Information Technology Lingdang CRM yunzhijiaApi.php delete_user SQL injection

Vendor Shanghai Lingdang Information Technology
Product Lingdang CRM
Weakness CWE-89 · SQLi
Published July 31, 2025
Last update July 31, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A vulnerability classified as critical was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It affects the function delete_user of the file crm/WeiXinApp/yunzhijia/yunzhijiaApi.php. Manipulation of the argument "function" leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.6.5.2 addresses this issue. It is recommended to upgrade the affected component.

Key dates

02 Disclosure timeline

July 31, 2025 CVE published
July 31, 2025 Record updated