{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11123", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-11-12T06:45:10.233Z", "datePublished": "2024-11-12T13:00:13.781Z", "dateUpdated": "2024-11-12T15:52:04.520Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-11-12T13:00:13.781Z"}, "title": "\u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM pdf.php path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "\u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8", "product": "Lingdang CRM", "versions": [{"version": "8.6.4.0", "status": "affected"}, {"version": "8.6.4.1", "status": "affected"}, {"version": "8.6.4.2", "status": "affected"}, {"version": "8.6.4.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM bis 8.6.4.3 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /crm/data/pdf.php. Mittels Manipulieren des Arguments url mit der Eingabe ../config.inc.php mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-11-12T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-11-12T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-11-12T07:50:18.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "XingYue_Mstir (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.283971", "name": "VDB-283971 | \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM pdf.php path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.283971", "name": "VDB-283971 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.436677", "name": "Submit #436677 | \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM <= 8.6.4.3 arbitrary file read", "tags": ["third-party-advisory"]}, {"url": "https://wiki.shikangsi.com/post/share/39d736ad-73d1-49cd-a97f-59f396a58626", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.6.4.0", "status": "affected"}]}, {"vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.6.4.1", "status": "affected"}]}, {"vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.6.4.2", "status": "affected"}]}, {"vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.6.4.3", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-12T15:46:30.370901Z", "id": "CVE-2024-11123", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T15:52:04.520Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11123", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-11-12T06:45:10.233Z", "datePublished": "2024-11-12T13:00:13.781Z", "dateUpdated": "2024-11-12T15:52:04.520Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-11-12T13:00:13.781Z"}, "title": "\u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM pdf.php path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "\u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8", "product": "Lingdang CRM", "versions": [{"version": "8.6.4.0", "status": "affected"}, {"version": "8.6.4.1", "status": "affected"}, {"version": "8.6.4.2", "status": "affected"}, {"version": "8.6.4.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM bis 8.6.4.3 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /crm/data/pdf.php. Mittels Manipulieren des Arguments url mit der Eingabe ../config.inc.php mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-11-12T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-11-12T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-11-12T07:50:18.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "XingYue_Mstir (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.283971", "name": "VDB-283971 | \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM pdf.php path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.283971", "name": "VDB-283971 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.436677", "name": "Submit #436677 | \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM <= 8.6.4.3 arbitrary file read", "tags": ["third-party-advisory"]}, {"url": "https://wiki.shikangsi.com/post/share/39d736ad-73d1-49cd-a97f-59f396a58626", "tags": ["exploit"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11123", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-12T15:46:30.370901Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.0:*:*:*:*:*:*:*"], "vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "versions": [{"status": "affected", "version": "8.6.4.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.1:*:*:*:*:*:*:*"], "vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "versions": [{"status": "affected", "version": "8.6.4.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.2:*:*:*:*:*:*:*"], "vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "versions": [{"status": "affected", "version": "8.6.4.2"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:shanghai_lingdang_information_technology:lingdang_crm:8.6.4.3:*:*:*:*:*:*:*"], "vendor": "shanghai_lingdang_information_technology", "product": "lingdang_crm", "versions": [{"status": "affected", "version": "8.6.4.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T15:51:53.839Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2024-11123", "lastModified": "2024-11-12T16:15:20.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "NONE"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-11-12T13:15:06.987", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.283971"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.283971"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.436677"}, {"source": "cna@vuldb.com", "url": "https://wiki.shikangsi.com/post/share/39d736ad-73d1-49cd-a97f-59f396a58626"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}