CVE-2024-11122

6.3 MEDIUM

📋 TL;DR

This vulnerability in Lingdang CRM allows unauthenticated remote attackers to upload arbitrary files without restriction via the /crm/wechatSession/index.php endpoint, which can lead to execution of attacker-supplied code on the affected server. All Lingdang CRM installations up to and including version 8.6.4.3 are affected.

💻 Affected Systems

Products:
  • 上海灵当信息科技有限公司 (Shanghai Lingdang Information Technology Co., Ltd.) Lingdang CRM
Versions: up to 8.6.4.3
Operating Systems: Any OS running Lingdang CRM
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects the /crm/wechatSession/index.php endpoint with specific parameters. All default installations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠

Likely Case

Webshell deployment allowing persistent access, data exfiltration, and further exploitation of the compromised system.

🟢

If Mitigated

File upload attempts are blocked or logged, preventing successful exploitation while maintaining system functionality.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal systems remain exposed to attacks from compromised internal hosts or malicious insiders.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit has been publicly disclosed and requires minimal technical skill to execute. Attackers can upload malicious files without authentication.

πŸ› οΈ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. The vendor did not respond to disclosure. Consider upgrading to any version above 8.6.4.3 if available, or implement workarounds.

🔧 Temporary Workarounds

Block vulnerable endpoint

Platform: all

Use a web application firewall or the web server configuration to block access to /crm/wechatSession/index.php. Note that any legitimate functionality served by that endpoint is lost while the block is in place.

# Apache (needs mod_rewrite and RewriteEngine On; in a .htaccess file drop the leading slash from the pattern):
#   RewriteRule ^/crm/wechatSession/index\.php$ - [F]
# Nginx:
#   location ~ /crm/wechatSession/index\.php { deny all; }

Implement file upload restrictions

Platform: all

Configure the server to restrict file uploads to specific directories with proper permissions and file type validation, and, where the web server allows it, disable PHP execution inside the upload directory. Size limits alone do not stop a small webshell; disable_functions limits what an uploaded script can do once it runs.

# Example PHP configuration (php.ini):
#   upload_max_filesize = 1M
#   post_max_size = 1M
#   disable_functions = exec,system,passthru,shell_exec

🧯 If You Can't Patch

  • Implement network segmentation to isolate the CRM system from critical infrastructure
  • Deploy a web application firewall with rules to detect and block file upload exploitation attempts

πŸ” How to Verify

Check if Vulnerable:

Check whether /crm/wechatSession/index.php exists and accepts file uploads via the 'file' parameter, using a harmless test file.

Check Version:

Check CRM version in admin panel or configuration files. Look for version numbers <= 8.6.4.3.

Verify Fix Applied:

Attempt to upload a file to the vulnerable endpoint. Successful upload indicates the system remains vulnerable.

📑 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /crm/wechatSession/index.php
  • POST requests with file parameters to the vulnerable endpoint
  • Execution of unexpected PHP files in upload directories

Network Indicators:

  • HTTP POST requests to /crm/wechatSession/index.php with file upload content
  • Unusual outbound connections from the CRM server

SIEM Query:

source="web_server" AND ((uri="/crm/wechatSession/index.php" AND method="POST" AND size>100000) OR (process="php" AND parent_process="web_server" AND cmdline="*upload*"))
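The log and network indicators above, turned into a small access-log scanner as an added example (not part of the original advisory). It assumes a "combined" log format with the request body length ($request_length) appended as a trailing field, an upload directory of /crm/upload/ (a placeholder; adjust to the real install), and the 100000-byte threshold from the SIEM query; all log lines are constructed.

```python
import re
from typing import Iterable, Optional

# Added example, not from the advisory. Assumes "combined" log format plus $request_length as a trailing field.
VULN_ENDPOINT = "/crm/wechatSession/index.php"
UPLOAD_DIR_PREFIX = "/crm/upload/"  # assumed upload path; adjust to your install
LARGE_BODY = 100_000                # byte threshold used by the SIEM query above

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"(?: (?P<reqlen>\d+))?$'
)

def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # line is in another format; skip rather than guess
    d = m.groupdict()
    d["reqlen"] = int(d["reqlen"] or 0)
    d["path"] = d["uri"].split("?", 1)[0]  # ignore the query string when matching
    return d

def classify(entry: dict) -> Optional[tuple]:
    """Map a parsed request to (severity, reason), or None if it looks benign."""
    path = entry["path"]
    if path == VULN_ENDPOINT and entry["method"] == "POST":
        if entry["reqlen"] > LARGE_BODY:
            return ("high", "large POST body to vulnerable endpoint")
        return ("medium", "POST to vulnerable endpoint")
    # A .php file served with 200 from the upload tree is the webshell-execution indicator
    if path.startswith(UPLOAD_DIR_PREFIX) and path.lower().endswith(".php") and entry["status"] == "200":
        return ("critical", "PHP executed from upload directory")
    return None

def scan(lines: Iterable[str]) -> list:
    alerts = []
    for line in lines:
        entry = parse_line(line)
        hit = classify(entry) if entry else None
        if hit:
            alerts.append({"ip": entry["ip"], "ts": entry["ts"], "path": entry["path"],
                           "severity": hit[0], "reason": hit[1]})
    return alerts

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "POST /crm/wechatSession/index.php HTTP/1.1" 200 512 "-" "curl/8.0" 184233',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /crm/upload/x.php HTTP/1.1" 200 88 "-" "curl/8.0" 210',
    '198.51.100.2 - - [01/Jan/2025:10:01:00 +0000] "GET /crm/index.php?page=home HTTP/1.1" 200 3042 "-" "Mozilla/5.0" 430',
    '198.51.100.2 - - [01/Jan/2025:10:01:30 +0000] "POST /crm/wechatSession/index.php HTTP/1.1" 200 64 "-" "Mozilla/5.0" 920',
]
```

Run `scan()` over a real log stream and forward the returned alert dicts to the SIEM; the medium-severity rule will also fire on legitimate use of the endpoint, so tune it per environment.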
