CVE-2026-7783

MEDIUM

CodeCanyon Perfex CRM Admin Kanban Endpoint AbstractKanban.php applySortQuery sql injection

Title source: cna

Description

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

References (4)

Core 4

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-360980 | CodeCanyon Perfex CRM Admin Kanban Endpoint AbstractKanban.php applySortQuery sql injection

https://vuldb.com/vuln/360980

Signature, Permissions Required signature permissions-required

VDB-360980 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/360980/cti

Third Party Advisory third-party-advisory

Submit #807743 | CodeCanyon Perfex CRM 3.4.1 SQL Injection

https://vuldb.com/submit/807743

Exploit exploit

https://bytium.com/insights/blind-sql-injection-in-perfex-crm-3-4-1

Scores

CVSS v3 6.3

EPSS 0.0024

EPSS Percentile 15.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (2)

CodeCanyon/Perfex CRM 3.4.0

CodeCanyon/Perfex CRM 3.4.1

Published May 05, 2026

Tracked Since May 05, 2026