Tomikun2

1 exploit Active since Feb 2026
CVE-2025-70981 WRITEUP CRITICAL WRITEUP
CordysCRM 1.4.1 - SQL Injection via DepartmentIds Parameter
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter.
CVSS 9.8