CVE-2025-8345

6.3 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in Shanghai Lingdang Information Technology's Lingdang CRM allows remote attackers to execute arbitrary SQL commands via the delete_user function. Affected systems include Lingdang CRM versions up to 8.6.4.7; successful exploitation potentially exposes sensitive customer data and compromises system integrity.

💻 Affected Systems

Products:
  • Shanghai Lingdang Information Technology Lingdang CRM
Versions: Up to version 8.6.4.7
Operating Systems: Any OS running the affected PHP application
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the crm/WeiXinApp/yunzhijia/yunzhijiaApi.php file specifically in the delete_user function.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, or full system takeover via SQL injection to RCE chaining.

🟠 Likely Case

Unauthorized access to sensitive CRM data including customer information, business records, and potentially authentication credentials.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely and the exploit is publicly available.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but remote exploitation capability increases external threat.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code has been publicly disclosed on GitHub, making exploitation straightforward for attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.6.5.2

Vendor Advisory: Not provided in CVE details

Restart Required: No

Instructions:

1. Back up the current CRM installation and database.
2. Download version 8.6.5.2 from the official vendor source.
3. Replace the affected files or perform a full upgrade following vendor documentation.
4. Test functionality before deploying to production.

🔧 Temporary Workarounds

Input Validation and Sanitization
  Platform: all
  Implement strict input validation and parameterized queries for the delete_user function arguments.
  Command/Config: Not applicable - requires code modification

Web Application Firewall Rules
  Platform: all
  Deploy WAF rules to block SQL injection patterns targeting the vulnerable endpoint.
  Command/Config: Not applicable - WAF configuration dependent
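As an added illustration of the first workaround (argument validation plus a bound parameter for a delete-user operation), the following Python snippet is not Lingdang CRM code (the product is PHP) and does not reproduce the vendor's implementation. It uses an in-memory SQLite table constructed for the example; the table, column and function names are assumed. The string-built variant is included only to show the defect class the hardened form removes.

```python
"""Added example: validating and binding the argument of a delete-user operation.

Not Lingdang CRM code (the product is PHP); this is a Python/SQLite illustration
of the mitigation pattern. Table and function names are assumed for the example.
"""
import re
import sqlite3

# Accept only a plain decimal id of sane length; reject anything else outright.
USER_ID_RE = re.compile(r"[0-9]{1,10}")


def make_db() -> sqlite3.Connection:
    """Constructed sample database with three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    conn.commit()
    return conn


def count_users(conn: sqlite3.Connection) -> int:
    """Number of rows left in the sample table."""
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def delete_user_unsafe(conn: sqlite3.Connection, raw_id: str) -> int:
    """The defect class: the request parameter is pasted into the SQL text.
    Shown only for contrast; a value such as '1 OR 1=1' deletes every row."""
    cur = conn.execute(f"DELETE FROM users WHERE id = {raw_id}")
    conn.commit()
    return cur.rowcount


def delete_user(conn: sqlite3.Connection, raw_id) -> int:
    """Hardened form: validate the shape of the argument, then bind it as a
    parameter so the database never parses it as SQL. Returns rows deleted."""
    text = str(raw_id).strip()
    if not USER_ID_RE.fullmatch(text):
        raise ValueError(f"invalid user id: {raw_id!r}")
    user_id = int(text)
    cur = conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = make_db()
    try:
        delete_user(db, "1 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
    print("deleted", delete_user(db, "2"), "row; remaining:", count_users(db))
```

The validation step is deliberately strict (decimal digits only) rather than a blacklist of SQL tokens: the bound parameter is what prevents injection, and the shape check simply rejects malformed input before it reaches the database and gives the application a clean error to log.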

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to the CRM application
  • Deploy a web application firewall with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check the CRM version in the admin panel, or examine the crm/WeiXinApp/yunzhijia/yunzhijiaApi.php file for the vulnerable delete_user function.

Check Version:

Check admin panel or examine application configuration files for version information

Verify Fix Applied:

Verify that the CRM version is 8.6.5.2 or later, and test the delete_user functionality with SQL injection test payloads to confirm they are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed delete_user attempts
  • SQL error messages in application logs

Network Indicators:

  • HTTP POST requests to yunzhijiaApi.php with SQL injection patterns in parameters

SIEM Query:

source="web_logs" AND uri="*yunzhijiaApi.php*" AND (param="*DELETE*" OR param="*SELECT*" OR param="*UNION*")
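The SIEM query above looks for SQL keywords in request parameters sent to the vulnerable endpoint. As an added example that is not part of the original page, the following Python script runs the same check over a few access-log lines constructed for the example. It decodes URL-encoded parameter values before matching, which a raw wildcard match on the undecoded string would miss, and matches the keywords on word boundaries so that a legitimate action name such as delete_user does not trigger on `*DELETE*`. The log format, IP addresses, timestamps and the `action`/`id` parameter names are assumptions for the example, not the product's real request format.

```python
"""Added example: flagging SQL-keyword patterns in requests to yunzhijiaApi.php.

Detection-side illustration only; the log lines, IP addresses and parameter
names below are constructed for the example and are not from the product.
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Keywords from the advisory's SIEM query, matched on word boundaries so the
# legitimate action name "delete_user" does not count as a hit.
SQL_KEYWORDS = re.compile(r"\b(DELETE|SELECT|UNION)\b", re.IGNORECASE)
VULN_ENDPOINT = "yunzhijiaApi.php"

# Common Log Format: ip ident user [time] "method target protocol" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one benign delete, one injection attempt (URL-encoded),
# one SELECT keyword on an unrelated endpoint, one more benign delete.
SAMPLE_LOGS = """\
10.0.0.5 - - [12/Aug/2025:10:01:02 +0000] "POST /crm/WeiXinApp/yunzhijia/yunzhijiaApi.php?action=delete_user&id=42 HTTP/1.1" 200 512
10.0.0.9 - - [12/Aug/2025:10:01:07 +0000] "POST /crm/WeiXinApp/yunzhijia/yunzhijiaApi.php?action=delete_user&id=42%20UNION%20SELECT%201 HTTP/1.1" 500 210
10.0.0.9 - - [12/Aug/2025:10:01:09 +0000] "GET /crm/index.php?module=Users&sort=SELECT HTTP/1.1" 200 900
10.0.0.7 - - [12/Aug/2025:10:02:00 +0000] "POST /crm/WeiXinApp/yunzhijia/yunzhijiaApi.php?action=delete_user&id=7 HTTP/1.1" 200 512
"""


def flag_line(line: str):
    """Return a finding dict for a suspicious request to the endpoint, else None."""
    m = LOG_LINE.match(line)
    if not m or VULN_ENDPOINT not in m.group("target"):
        return None
    hits = []
    query = urlsplit(m.group("target")).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl already decoded once; a second pass catches double-encoding.
        decoded = unquote_plus(value)
        if SQL_KEYWORDS.search(decoded):
            hits.append((key, decoded))
    if not hits:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"),
            "status": int(m.group("status")), "hits": hits}


def scan(log_text: str) -> list:
    """Run flag_line over every line; returns the list of findings."""
    return [f for f in map(flag_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```

Standard web-server access logs do not record POST bodies, so in practice this logic belongs on WAF or application logs that capture request parameters; the query-string form is used here only so the example runs self-contained. A 500 status on the flagged request is worth correlating with the "SQL error messages in application logs" indicator above.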
