{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11123", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-11-12T06:45:10.233Z", "datePublished": "2024-11-12T13:00:13.781Z", "dateUpdated": "2024-11-12T15:52:04.520Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-11-12T13:00:13.781Z"}, "title": "\u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM pdf.php path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "\u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8", "product": "Lingdang CRM", "versions": [{"version": "8.6.4.0", "status": "affected"}, {"version": "8.6.4.1", "status": "affected"}, {"version": "8.6.4.2", "status": "affected"}, {"version": "8.6.4.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM bis 8.6.4.3 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /crm/data/pdf.php. Mittels Manipulieren des Arguments url mit der Eingabe ../config.inc.php mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-11-12T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-11-12T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-11-12T07:50:18.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "XingYue_Mstir (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.283971", "name": "VDB-283971 | \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM pdf.php path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.283971", "name": "VDB-283971 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.436677", "name": "Submit #436677 | \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM <= 8.6.4.3 arbitrary file read", "tags": ["third-party-advisory"]}, {"url": "https://wiki.shikangsi.com/post/share/39d736ad-73d1-49cd-a97f-59f396a58626", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.6.4.0", "status": "affected"}]}, {"vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.6.4.1", "status": "affected"}]}, {"vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.6.4.2", "status": "affected"}]}, {"vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.6.4.3", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-12T15:46:30.370901Z", "id": "CVE-2024-11123", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T15:52:04.520Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11123", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-11-12T06:45:10.233Z", "datePublished": "2024-11-12T13:00:13.781Z", "dateUpdated": "2024-11-12T15:52:04.520Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-11-12T13:00:13.781Z"}, "title": "\u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM pdf.php path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "\u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8", "product": "Lingdang CRM", "versions": [{"version": "8.6.4.0", "status": "affected"}, {"version": "8.6.4.1", "status": "affected"}, {"version": "8.6.4.2", "status": "affected"}, {"version": "8.6.4.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM bis 8.6.4.3 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /crm/data/pdf.php. Mittels Manipulieren des Arguments url mit der Eingabe ../config.inc.php mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-11-12T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-11-12T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-11-12T07:50:18.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "XingYue_Mstir (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.283971", "name": "VDB-283971 | \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM pdf.php path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.283971", "name": "VDB-283971 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.436677", "name": "Submit #436677 | \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM <= 8.6.4.3 arbitrary file read", "tags": ["third-party-advisory"]}, {"url": "https://wiki.shikangsi.com/post/share/39d736ad-73d1-49cd-a97f-59f396a58626", "tags": ["exploit"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11123", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-12T15:46:30.370901Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.0:*:*:*:*:*:*:*"], "vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "versions": [{"status": "affected", "version": "8.6.4.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.1:*:*:*:*:*:*:*"], "vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "versions": [{"status": "affected", "version": "8.6.4.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.2:*:*:*:*:*:*:*"], "vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "versions": [{"status": "affected", "version": "8.6.4.2"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.3:*:*:*:*:*:*:*"], "vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "versions": [{"status": "affected", "version": "8.6.4.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T15:51:53.839Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:51mis:lingdang_crm:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA9D5585-14DE-410E-9405-AAED9A43AAEF", "versionEndIncluding": "8.6.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en ???????????? Lingdang CRM hasta la versi\u00f3n 8.6.4.3. Afecta a una parte desconocida del archivo /crm/data/pdf.php. La manipulaci\u00f3n del argumento url con la entrada ../config.inc.php provoca un path traversal. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-11123", "lastModified": "2025-08-27T20:44:19.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-11-12T13:15:06.987", "references": [{"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.283971"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.283971"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.436677"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wiki.shikangsi.com/post/share/39d736ad-73d1-49cd-a97f-59f396a58626"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{}