CVE-2026-11456

HIGH

Chanjet CRM HTTP GET Request jxf_dump_systable.php sql injection

Title source: cna

Description

A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf_dump_systable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5

Core References

Third Party Advisory third-party-advisory

Submit #828375 | Chanjet Chanjet CRM V1.0 SQL Injection

https://vuldb.com/submit/828375

Exploit exploit

https://gist.github.com/jikdarren/67ba9fdd2a8b619fc9a370102c317971

Vdb Entry, Technical Description vdb-entry technical-description

VDB-369075 | Chanjet CRM HTTP GET Request jxf_dump_systable.php sql injection

https://vuldb.com/vuln/369075

Signature, Permissions Required signature permissions-required

VDB-369075 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/369075/cti

Third Party Advisory third-party-advisory

CVE-2026-11456 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-11456

Scores

CVSS v3 7.3

EPSS 0.0025

EPSS Percentile 16.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

Chanjet/CRM 1.0

Published Jun 07, 2026

Tracked Since Jun 07, 2026