CVE-2026-11456

HIGH 7.3

Chanjet CRM HTTP GET Request jxf_dump_systable.php sql injection

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

9th

A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf_dump_systable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-89 CWE-74
Vendor	chanjet
Product	crm
Published	Jun 7, 2026
Last Updated	Jun 8, 2026

Stay Ahead of the Next One

Get instant alerts for chanjet crm

Be the first to know when new high vulnerabilities affecting chanjet crm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Chanjet / CRM

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/369075 vuldb.com: https://vuldb.com/vuln/369075/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11456 vuldb.com: https://vuldb.com/submit/828375 gist.github.com: https://gist.github.com/jikdarren/67ba9fdd2a8b619fc9a370102c317971

Credits

🔍 jikdarren (VulDB User) VulDB CNA Team