Submit #616840: BossSoft CRM V6.0 SQL Injectioninfo

TitleBossSoft CRM V6.0 SQL Injection
DescriptionDuring a security review of BossSoft V6.0, a critical SQL injection vulnerability was discovered in the file "/crm/module/HNDCBas_customPrmSearchDtl.jsp". The "cstid" parameter is vulnerable to SQL injection, enabling attackers to retrieve data or execute commands without authentication.
Source⚠️ https://github.com/cc2024k/CVE/issues/1
User
 cc2024k (UID 87907)
Submission07/16/2025 07:24 (9 months ago)
Moderation07/18/2025 10:57 (2 days later)
StatusAccepted
VulDB entry316867 [BossSoft CRM 6.0 HNDCBas_customPrmSearchDtl.jsp cstid sql injection]
Points18

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!