
CRM — Vulnerabilities & Security Advisories 82

All 82 CVE vulnerabilities found in CRM, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known vulnerabilities in the CRM software product category, organized by Common Weakness Enumeration (CWE) class and the associated Common Vulnerabilities and Exposures (CVE) entries. It covers security flaws such as injection, broken access control, cross-site scripting, and authentication failures, with records from 2018 through the current year. You can use it to track a vendor's advisories for recent patches and security updates, to understand a weakness class through its technical description and potential impact, and to look up a product's vulnerability history to assess its long-term security posture and remediation trends. The information is organized so that security professionals, developers, and IT administrators can quickly identify risks specific to CRM deployments, evaluate the severity of disclosed issues, and prioritize mitigation based on verified data sources. The aim is a clear, factual overview of the CRM threat landscape that supports decisions about upgrades, configuration hardening, and third-party risk management, without speculative analysis or unverified claims.

Vendor: oroinc

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2025-66396 | ChurchCRM has SQL Injection in User Editor via `type` Parameter Key | CWE-89 | 7.2 | High | 2025-12-17
CVE-2025-66395 | SQL Injection in Event List via `WhichType` Parameter | CWE-89 | 8.8 | High | 2025-12-17
CVE-2025-62521 | ChurchCRM has unauthenticated RCE in its Install Wizard | CWE-94 | 10.0 | Critical | 2025-12-17
CVE-2025-67751 | ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix | CWE-89 | 7.2 | High | 2025-12-16
CVE-2025-67874 | ChurchCRM has plaintext password return in response | CWE-204 | 8.1 (AI) | High (AI) | 2025-12-16
CVE-2025-14189 | Chanjet CRM jxf_dump_table_demo.php sql injection | CWE-89 | 7.3 | High | 2025-12-07
CVE-2025-66313 | ChurchCRM vulnerable to a time-based blind SQL injection via the 1FieldSec parameter | CWE-89 | 7.7 (AI) | High (AI) | 2025-12-01
CVE-2025-13788 | Chanjet CRM upgradeattribute.php sql injection | CWE-89 | 7.3 | High | 2025-11-30
CVE-2025-7915 | Chanjet CRM Login Page mailinactive.php sql injection | CWE-89 | 7.3 | High | 2025-07-21
CVE-2025-7801 | BossSoft CRM HNDCBas_customPrmSearchDtl.jsp sql injection | CWE-89 | 7.3 | High | 2025-07-18
CVE-2025-6132 | Chanjet CRM departmentsetting.php sql injection | CWE-89 | 7.3 | High | 2025-06-16
CVE-2025-5152 | Chanjet CRM newActivityedit.php sql injection | CWE-89 | 6.3 | Medium | 2025-05-25
CVE-2025-1618 | vTiger CRM index.php cross site scripting | CWE-79 | 4.3 | Medium | 2025-02-24
CVE-2024-8867 | Perfex CRM Parameter Clients.php cross site scripting | CWE-79 | 3.5 | Low | 2024-09-15
CVE-2024-39304 | ChurchCRM SQL Injection Vulnerability | CWE-89 | 8.8 | High | 2024-07-26
CVE-2023-32063 | OroCRMCallBundle has incorrect call view page visibility | CWE-284 | 5.0 | Medium | 2023-11-28
CVE-2023-32062 | OroCalendarBundle has incorrect system calendar events visibility | CWE-284 | 5.0 | Medium | 2023-11-27
CVE-2023-5020 | 07FLY CRM Administrator Login Page sql injection | CWE-89 | 7.3 | High | 2023-09-17
CVE-2023-3505 | Onest CRM Project List 2 cross site scripting | CWE-79 | 3.5 | Low | 2023-07-04
CVE-2023-3058 | 07FLY CRM User Profile cross site scripting | CWE-79 | 3.5 | Low | 2023-06-02
CVE-2023-27897 | Code Injection vulnerability in SAP CRM | CWE-94 | 6.0 | Medium | 2023-04-11
CVE-2021-39198 | The disqualify lead action may be executed without CSRF token check | CWE-352 | 4.2 | Medium | 2021-11-19

(AI) marks a CVSS score or severity that the page labels as AI-generated rather than taken from the official advisory.
