CVE Catalog

CVE-2026-11456

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Summary

A vulnerability was identified in Chanjet CRM 1.0 affecting an unknown part of the file /tools/jxf_dump_systable.php of the HTTP GET Request Handler component. Manipulation of the argument gblOrgID leads to SQL injection.

Risk Assessment

The attack may be launched remotely, and publicly available exploits increase the risk of this vulnerability being exploited by potential attackers.

Recommendation

It is recommended to immediately update Chanjet CRM to the latest version and monitor the system for unauthorized activities.

Original NVD description (English source)

A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf_dump_systable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS