CVE-2026-11456
HighCVSS 7.3Summary
A vulnerability was identified in Chanjet CRM 1.0 affecting an unknown part of the file /tools/jxf_dump_systable.php of the HTTP GET Request Handler component. Manipulation of the argument gblOrgID leads to SQL injection.
Risk Assessment
The attack may be launched remotely, and publicly available exploits increase the risk of this vulnerability being exploited by potential attackers.
Recommendation
It is recommended to immediately update Chanjet CRM to the latest version and monitor the system for unauthorized activities.
Original NVD description (English source)
A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf_dump_systable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

