An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote malicious user to execute arbitrary code via the parseObject() function in the fastjson component.