CVE-2025-5152 | Chanjet CRM up to 20250510 gblOrgID sql injection

Inserito da Angelo Barbosa | Mag 24, 2025 | CVE

A vulnerability classified as critical was found in Chanjet CRM up to 20250510. This vulnerability affects unknown code of the file /activity/newActivityedit.php?DontCheckLogin=1&id=null&ret=mod1. The manipulation of the argument gblOrgID leads to sql injection.

This vulnerability was named CVE-2025-5152. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5152 | Chanjet CRM up to 20250510 gblOrgID sql injection

Post correlati

CVE-2024-54452 | Kurmi Provisioning Suite up to 7.9.0.34/7.10.0.18 logsSys.do path traversal

CVE-2024-0658 | Insert PHP Code Snippet Plugin up to 1.3.4 on WordPress cross site scripting

CVE-2024-41107 | Apache CloudStack up to 4.18.2.1/4.19.0.2 CloudStack SAML Authentication authentication spoofing (ID 4519)

CVE-2025-4533 | JeecgBoot up to 3.8.0 Document Library Upload zip unzipFile resource consumption (Issue 8199)