CRM — Vulnerabilities & Security Advisories 78

All 78 CVE vulnerabilities found in CRM, with AI-generated Chinese analysis, references, and POCs.

Vendor: oroinc

CVE ID	Title	CVSS	Severity	Paused
CVE-2025-67874	ChurchCRM has plaintext password return in response CWE-204	8.1^AI	High^AI	2025-12-16
CVE-2025-14189	Chanjet CRM jxf_dump_table_demo.php sql injection CWE-89	7.3	High	2025-12-07
CVE-2025-66313	ChurchCRM vulnerable to a time-based blind SQL injection via the 1FieldSec parameter CWE-89	7.7^AI	High^AI	2025-12-01
CVE-2025-13788	Chanjet CRM upgradeattribute.php sql injection CWE-89	7.3	High	2025-11-30
CVE-2025-7915	Chanjet CRM Login Page mailinactive.php sql injection CWE-89	7.3	High	2025-07-21
CVE-2025-7801	BossSoft CRM HNDCBas_customPrmSearchDtl.jsp sql injection CWE-89	7.3	High	2025-07-18
CVE-2025-6132	Chanjet CRM departmentsetting.php sql injection CWE-89	7.3	High	2025-06-16
CVE-2025-5152	Chanjet CRM newActivityedit.php sql injection CWE-89	6.3	Medium	2025-05-25
CVE-2025-1618	vTiger CRM index.php cross site scripting CWE-79	4.3	Medium	2025-02-24
CVE-2024-8867	Perfex CRM Parameter Clients.php cross site scripting CWE-79	3.5	Low	2024-09-15
CVE-2024-39304	ChurchCRM SQL Injection Vulnerability CWE-89	8.8	High	2024-07-26
CVE-2023-32063	OroCRMCallBundle has incorrect call view page visibility CWE-284	5.0	Medium	2023-11-28
CVE-2023-32062	OroCalendarBundle has incorrect system calendar events visibility CWE-284	5.0	Medium	2023-11-27
CVE-2023-5020	07FLY CRM Administrator Login Page sql injection CWE-89	7.3	High	2023-09-17
CVE-2023-3505	Onest CRM Project List 2 cross site scripting CWE-79	3.5	Low	2023-07-04
CVE-2023-3058	07FLY CRM User Profile cross site scripting CWE-79	3.5	Low	2023-06-02
CVE-2023-27897	Code Injection vulnerability in SAP CRM CWE-94	6.0	Medium	2023-04-11
CVE-2021-39198	The disqualify lead action may be executed without CSRF token check CWE-352	4.2	Medium	2021-11-19

All 78 known CVE vulnerabilities affecting CRM with full Chinese analysis, references, and POCs where available.