CVE-2025-4510 – Changjietong UFIDA CRM SQL Injection

May 10, 2025

CVE ID : CVE-2025-4510

Published : May 10, 2025, 6:15 p.m. | 2 hours, 8 minutes ago

Description : A vulnerability was found in Changjietong UFIDA CRM 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /optnty/optntyday.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4511 – Vector4Wang Spring-Boot-Quick Remote Path Traversal Vulnerability

Next Article CVE-2025-4509 – PHPGurukul e-Diary Management System SQL Injection

Highlights

CVE-2025-32953 – Z80pack GitHub Token Exposure

April 22, 2025

CVE ID : CVE-2025-32953

Published : April 18, 2025, 9:15 p.m. | 3 days, 16 hours ago

Description : z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes the automatically generated `.git/config` file containing the run’s GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in your repository. This issue has been fixed in commit bd95916.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

I’ve tested every Samsung Galaxy phone in 2025 – here’s the model I’d recommend on sale

Google Photos just put all its best editing tools a tap away – here’s the shortcut

Claude can teach you how to code now, and more – how to try it

One of the best work laptops I’ve tested has MacBook written all over it (but it’s even better)

Controlling Execution Flow with Laravel’s Sleep Helper

Controlling Execution Flow with Laravel’s Sleep Helper

Generate Secure Temporary Share Links for Files in Laravel

This Week in Laravel: Filament 4, Laravel Boost, and Junie Review

KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing

KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing

FOSS Weekly #25.33: Debian 13 Released, Torvalds vs RISC-V, Arch’s New Tool, GNOME Perfection and More Linux Stuff

Ultimate ChatGPT-5 Prompt Guide: 52 Ideas for Any Task

CVE-2025-4510 – Changjietong UFIDA CRM SQL Injection

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog

From Banking Darling to $1B Fraud Magnet: Inside the Zelle Lawsuit 2025

CVE-2025-38176 – Linux Binder Use-After-Free Vulnerability

CVE-2025-6841 – Code-projects Product Inventory System SQL Injection Vulnerability

Xbox’s Call of Duty devs say “we’re committed” to Nintendo Switch 2 releases, but what about Black Ops 7?

Empowering Businesses Online: How Globaliweb Is Simplifying Website Creation

CVE-2025-32953 – Z80pack GitHub Token Exposure

IBM QRadar Vulnerabilities Let Attackers Access Sensitive Configuration Files

Here’s where you can buy Phil Spencer’s Minecraft jacket

My ‘Game of the Year’ pick is on sale for a killer discount — and no, it’s not Clair Obscur: Expedition 33

CVE-2025-4510 – Changjietong UFIDA CRM SQL Injection

Related Posts