{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-0461","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-01-14T08:17:33.947Z","datePublished":"2025-01-14T16:00:19.736Z","dateUpdated":"2025-01-14T16:38:30.241Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-01-14T16:00:19.736Z"},"title":"Shanghai Lingdang Information Technology Lingdang CRM index.php path traversal","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-22","lang":"en","description":"Path Traversal"}]}],"affected":[{"vendor":"Shanghai Lingdang Information Technology","product":"Lingdang CRM","versions":[{"version":"8.6.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument pathfile leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In Shanghai Lingdang Information Technology Lingdang CRM bis 8.6.0.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. Dank der Manipulation des Arguments pathfile mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N"}}],"timeline":[{"time":"2025-01-14T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-01-14T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-01-14T09:22:39.000Z","lang":"en","value":"VulDB entry last update"}],"references":[{"url":"https://vuldb.com/?id.291478","name":"VDB-291478 | Shanghai Lingdang Information Technology Lingdang CRM index.php path traversal","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.291478","name":"VDB-291478 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.474252","name":"Submit #474252 | Shanghai Lingdang Information Technology Co., Ltd. Lingdang CRM  <=V8.6.0.0 File and Directory Information Exposure","tags":["third-party-advisory"]},{"url":"https://github.com/BxYQ/ld/blob/main/downloadSocialPromotionQrcode_fileread.doc","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-14T16:38:22.155531Z","id":"CVE-2025-0461","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-14T16:38:30.241Z"}}]}}