Tomikun2/SQL-Injection-in-CordysCRM

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-70981 ↗	Feb 12, 2026Thursday, 12 February 2026, 18:16	9.8 CRITICAL	—
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter.