CVE-2026-11456 | Chanjet CRM 1.0 HTTP GET Request jxf_dump_systable.php gblOrgID sql injection

Inserito da Angelo Barbosa | Giu 6, 2026 | CVE

A vulnerability was found in Chanjet CRM 1.0. It has been declared as critical. This affects an unknown part of the file /tools/jxf_dump_systable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection.

This vulnerability is traded as CVE-2026-11456. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-11456 | Chanjet CRM 1.0 HTTP GET Request jxf_dump_systable.php gblOrgID sql injection

Post correlati

CVE-2026-3673 | Frappe 16.10.10 Tag _user_tags cross site scripting

CVE-2024-2804 | Network Summary Plugin up to 2.0.11 on WordPress sql injection

CVE-2024-10916 | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L up to 20241028 HTTP GET Request /xml/info.xml information disclosure

CVE-2023-28149 | Insyde InsydeH2O IhisiServiceSmm Module Privilege Escalation