CVE-2021-41746

HIGH

Yonyou TurboCRM - SQL Injection via orgcode Parameter

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/purple-WL/Yonyou-TurboCRM-SQL-injection/issues/1
Third Party Advisory x_refsource_misc
https://www.cnvd.org.cn/flaw/show/CNVD-2020-21956

Scores

CVSS v3 7.5
EPSS 0.0123
EPSS Percentile 65.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
yonyou/turbocrm
Published Oct 29, 2021
Tracked Since Feb 18, 2026