CVE-2025-9140: SQL Injection in Shanghai Lingdang Information Technology Lingdang CRM
A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to SQL injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 8.6.5.4 can resolve this issue. The affected component should be upgraded. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+."
AI Analysis
Technical Summary
CVE-2025-9140 is a medium severity SQL Injection vulnerability affecting Shanghai Lingdang Information Technology's Lingdang CRM product, specifically versions up to 8.6.4.7. The vulnerability resides in the /crm/crmapi/erp/tabdetail_moduleSave.php file, where the 'getvaluestring' parameter is improperly sanitized, allowing an attacker to inject malicious SQL code. This flaw can be exploited remotely without requiring user interaction or elevated privileges, making it accessible to unauthenticated attackers with network access to the CRM system. The vulnerability arises from the failure to use parameterized queries and insufficient input validation, which enables attackers to manipulate backend database queries. Exploitation could lead to unauthorized data access, data modification, or even deletion, compromising the confidentiality, integrity, and availability of the CRM database. The vendor has addressed this issue in version 8.6.5.4 by implementing parameterized queries and input sanitization to eliminate SQL injection vectors. Although no known exploits are currently active in the wild, public exploit code is available, increasing the risk of exploitation. The CVSS 4.0 base score is 5.3, reflecting a medium severity level due to the ease of exploitation balanced against the limited scope and partial impact on confidentiality, integrity, and availability.
Potential Impact
For European organizations using Lingdang CRM versions up to 8.6.4.7, this vulnerability poses a significant risk to sensitive customer and business data stored within the CRM system. Successful exploitation could lead to unauthorized data disclosure, alteration of customer records, or disruption of CRM services, impacting business operations and customer trust. Given that CRM systems often integrate with other enterprise applications, a compromise could facilitate lateral movement within the network, potentially exposing additional systems. The remote and unauthenticated nature of the attack vector increases the threat level, especially for organizations with externally accessible CRM portals. Compliance with GDPR and other data protection regulations in Europe means that data breaches resulting from this vulnerability could lead to regulatory penalties and reputational damage. Organizations in sectors such as finance, healthcare, and retail, which rely heavily on CRM data, are particularly at risk.
Mitigation Recommendations
European organizations should immediately assess their Lingdang CRM deployments to identify affected versions. The primary mitigation is to upgrade all affected Lingdang CRM instances to version 8.6.5.4 or later, where the vulnerability has been patched through parameterized queries and input sanitization. Until upgrades can be applied, organizations should implement web application firewalls (WAFs) with rules specifically designed to detect and block SQL injection attempts targeting the 'getvaluestring' parameter. Network segmentation should be enforced to restrict external access to the CRM system, limiting exposure to trusted internal networks or VPN users only. Regular security audits and code reviews should be conducted to identify any other injection points. Additionally, monitoring and logging of database queries and web application logs should be enhanced to detect anomalous activities indicative of exploitation attempts. Backup procedures must be verified to ensure rapid recovery in case of data compromise.
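The monitoring step above can be made concrete with a small log check. The following is an added example, not code from the advisory or from the vendor: it scans constructed common-log-format access-log lines for requests to the affected endpoint and flags getvaluestring values that carry more than one SQL-injection indicator. It assumes the parameter is visible in the query string; if the CRM sends it in a POST body, the same check has to run on WAF or application-level request logs instead.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the advisory.
VULN_PATH = "/crm/crmapi/erp/tabdetail_moduleSave.php"
PARAM = "getvaluestring"

# Common log format: ip ident user [timestamp] "method target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+)'
)

# Coarse injection indicators; a value is reported when it trips at least two,
# which keeps a lone apostrophe in a customer name from paging anyone.
INDICATORS = {
    "quote": re.compile(r"['\"]"),
    "comment": re.compile(r"--|/\*|#"),
    "keyword": re.compile(r"\b(union|select|or|and|sleep|benchmark)\b", re.I),
}

# Constructed sample traffic (documentation IP ranges); not real log data.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Aug/2025:10:00:01 +0000] "POST /crm/crmapi/erp/tabdetail_moduleSave.php?getvaluestring=1001 HTTP/1.1" 200 512
203.0.113.9 - - [20/Aug/2025:10:00:07 +0000] "POST /crm/crmapi/erp/tabdetail_moduleSave.php?getvaluestring=1001%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9812
198.51.100.2 - - [20/Aug/2025:10:00:09 +0000] "GET /crm/index.php HTTP/1.1" 200 2048
"""


def injection_indicators(value: str) -> list[str]:
    """Names of the indicators matched by an already URL-decoded value."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(value))


def scan_log(text: str, threshold: int = 2) -> list[dict]:
    """Return one finding per request to VULN_PATH whose PARAM value matches
    at least `threshold` indicators. parse_qs performs the URL decoding."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip, do not crash
        url = urlsplit(m.group("target"))
        if url.path != VULN_PATH:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            hits = injection_indicators(value)
            if len(hits) >= threshold:
                findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                                 "value": value, "indicators": hits})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} getvaluestring={f['value']!r} hits={f['indicators']}")
```

Tune the indicator set and threshold against your own baseline traffic before wiring it into alerting, and treat a hit on a version at or below 8.6.4.7 as a trigger to pull database query logs for the same time window.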
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-19T05:44:18.399Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68a48084ad5a09ad00f82386
Added to database: 8/19/2025, 1:47:48 PM
Last enriched: 8/29/2025, 12:42:57 AM
Last updated: 1/7/2026, 8:50:21 AM