Skip to main content

Chanjet CRM EUVD-2026-34986

| CVE-2026-11456 MEDIUM
SQL Injection (CWE-89)
2026-06-07 VulDB GHSA-m34f-6c67-jx84
PHP SQLi
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jun 07, 2026 - 09:22 NVD
HIGH MEDIUM
CVSS changed
Jun 07, 2026 - 09:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)
Analysis Generated
Jun 07, 2026 - 08:42 vuln.today

DescriptionCVE.org

A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf_dump_systable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

SQL injection in Chanjet CRM 1.0 allows remote unauthenticated attackers to manipulate the gblOrgID parameter of /tools/jxf_dump_systable.php to inject arbitrary SQL into the backend database. Publicly available exploit code exists (referenced via a public gist), and the vendor did not respond to disclosure attempts, leaving deployments exposed without official remediation. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed Chanjet CRM instance
Delivery
Craft malicious gblOrgID GET parameter
Exploit
Send request to /tools/jxf_dump_systable.php
Execution
Inject SQL into backend query
Impact
Exfiltrate or modify database records
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The vulnerable /tools/jxf_dump_systable.php endpoint must be reachable by the attacker over HTTP/HTTPS, and the attacker must be able to send a GET request with a manipulated gblOrgID parameter - no authentication, user interaction, or special configuration is required per CVSS PR:N/UI:N and the description. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L scores 7.3 and indicates network-reachable, low-complexity, unauthenticated exploitation with limited impact across confidentiality, integrity, and availability - consistent with a SQLi that can read and modify database rows but not necessarily achieve full DB takeover or RCE in the base scoring. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated remote attacker scans for exposed Chanjet CRM instances and issues a crafted HTTP GET to /tools/jxf_dump_systable.php with a malicious gblOrgID payload (such as a UNION-based or boolean-based SQLi pattern), exfiltrating customer records, user credentials, or organizational data from the CRM database. Because publicly available exploit code exists in a public gist, low-skill attackers and automated scanners can weaponize this against any internet-exposed deployment with minimal effort.
Remediation No vendor-released patch identified at time of analysis - the vendor did not respond to coordinated disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

24 hours: Inventory all Chanjet CRM 1.0 instances in production and staging; deploy firewall or WAF rules to block access to /tools/jxf_dump_systable.php or filter SQL injection patterns; enable database query audit logging. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49952 CRITICAL POC
9.3 Jun 15

Authentication bypass in Discuz! X5.0 releases 20260320 through 20260501 allows unauthenticated remote attackers to acce
CVE-2026-49954 HIGH POC
8.6 Jun 15

Authenticated remote code execution in Discuz! X5.0 releases 20260320 through 20260501 allows administrators to chain a

CVE-2026-49768 CRITICAL
9.8 Jun 15

Unauthenticated PHP Object Injection in the Happyforms WordPress plugin (versions <= 1.26.13) allows remote attackers to
CVE-2026-27053 CRITICAL
9.8 Jun 15

Unauthenticated PHP Object Injection in the Broadcast Live Video WordPress plugin (versions prior to 7.1.3) allows remot
CVE-2026-49104 CRITICAL
9.8 Jun 15

Unauthenticated PHP object injection in the WordPress plugin 'Integration for Keap/Infusionsoft and Contact Form 7, WPFo

Share

EUVD-2026-34986 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy