CVE-2025-4510

MEDIUM Year: 2025
CVSS v3 Score
6.3
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

A vulnerability was found in Changjietong UFIDA CRM 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /optnty/optntyday.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-2980

MEDIUM
CVSS:6.3(Medium)

The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-For...

CWE-742016

CVE-2017-18389

MEDIUM
CVSS:6.3(Medium)

cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).

CWE-742017

CVE-2017-20196

MEDIUM
CVSS:6.3(Medium)

A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argume...

CWE-742017

CVE-2018-25106

MEDIUM
CVSS:6.3(Medium)

A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs/Legacy...

CWE-742018

CVE-2019-10792

MEDIUM
CVSS:6.3(Medium)

bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

CWE-742019

CVE-2019-10793

MEDIUM
CVSS:6.3(Medium)

dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

CWE-742019