CVE-2026-11456
Description
Chanjet CRM 1.0 is vulnerable to SQL injection in jxf_dump_systable.php via the gblOrgID parameter, allowing remote attackers to access sensitive data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A SQL injection vulnerability exists in Chanjet CRM version 1.0 within the /tools/jxf_dump_systable.php file. The gblOrgID parameter is directly concatenated into SQL queries without proper validation or parameterization, allowing attackers to execute arbitrary SQL commands [1].
Exploitation
An attacker can exploit this vulnerability remotely via an HTTP GET request without requiring any authentication or prior access to the system. The attack involves manipulating the gblOrgID parameter with malicious SQL code, as demonstrated by a proof-of-concept request [1].
Impact
Successful exploitation can lead to unauthorized access to sensitive user data and business information, potential privilege escalation through database access, and possibly remote code execution on the database server, resulting in a complete compromise of the CRM system and its data [1].
Mitigation
No specific patched version or release date has been disclosed by the vendor. Recommended fixes include implementing parameterized queries, applying strict input validation, enforcing the principle of least privilege, conducting code security audits, and deploying a web application firewall as temporary protection [1]. The vendor was contacted but did not respond.
AI Insight generated on Jun 7, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Chanjet CRM, version range: 1.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The 'gblOrgID' parameter is directly concatenated into SQL queries without proper validation or parameterization."
Attack vector
The vulnerability is triggered via an HTTP GET request to the `/tools/jxf_dump_systable.php` endpoint. An attacker can manipulate the `gblOrgID` parameter to inject malicious SQL code. This attack can be launched remotely and requires no authentication. The provided proof-of-concept demonstrates a time-based SQL injection by using a `SLEEP` function within the `gblOrgID` parameter [ref_id=1].
Affected code
The vulnerability resides in the `/tools/jxf_dump_systable.php` file within the Chanjet CRM application. Specifically, the `gblOrgID` parameter is directly incorporated into SQL queries, leading to SQL injection [ref_id=1].
What the fix does
The advisory does not provide a patch or specific remediation steps beyond general recommendations. It suggests implementing parameterized queries using prepared statements and applying strict input validation and filtering for all user inputs as recommended fixes [ref_id=1].
Preconditions
- Authentication: none required to exploit this vulnerability [ref_id=1].
- Network: the attack can be launched remotely over the network.
Reproduction
GET /tools/jxf_dump_systable.php?id=1&gblOrgID=1+AND+(SELECT+8198+FROM+(SELECT(SLEEP(5)))TIhN)&DontCheckLogin=1 HTTP/1.1
Host: 124.71.22.118:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Accept: */*
Connection: close

[ref_id=1]
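As an added example (not code from Chanjet CRM or from the advisory), the following shows the concatenation pattern the root cause describes next to a handler that validates `gblOrgID` as an integer and binds it as a query parameter, and a check over constructed access-log lines that flags the request shape shown in the reproduction above. Python with SQLite stands in for the PHP application and its database; the `org` table, its rows, the log lines and all function names are assumptions made for the example.

```python
"""Vulnerable vs. hardened handling of a gblOrgID-style parameter, plus a
log check for non-numeric values sent to the dump endpoint.  Everything here
is constructed for illustration; it is not the CRM's schema or code."""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for an organisation table (hypothetical schema).
SAMPLE_ROWS = [(1, "Org One"), (2, "Org Two")]
ORG_ID_RE = re.compile(r"[0-9]{1,10}")  # allow-list: an ID is digits only


def setup_db() -> sqlite3.Connection:
    """In-memory SQLite database standing in for the CRM's MySQL backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE org (gblOrgID INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO org VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def dump_org_vulnerable(conn: sqlite3.Connection, gbl_org_id: str):
    """The pattern the advisory describes: the raw request parameter is
    concatenated into the statement, so any SQL appended to the number
    becomes part of the query the database runs."""
    sql = "SELECT gblOrgID, name FROM org WHERE gblOrgID = " + gbl_org_id
    return conn.execute(sql).fetchall()


def is_valid_org_id(raw: str) -> bool:
    """Strict validation: accept only a short run of digits."""
    return bool(raw) and ORG_ID_RE.fullmatch(raw) is not None


def dump_org_hardened(conn: sqlite3.Connection, raw_org_id: str):
    """Validate, then bind the value as a parameter so the query text is
    fixed and the input can only ever be compared as an integer."""
    if not is_valid_org_id(raw_org_id):
        raise ValueError(f"rejected gblOrgID: {raw_org_id!r}")
    return conn.execute(
        "SELECT gblOrgID, name FROM org WHERE gblOrgID = ?", (int(raw_org_id),)
    ).fetchall()


# Constructed access-log lines (Apache-style); the second mirrors the
# advisory's reproduction request, the others are benign traffic.
LOG_LINES = [
    '10.0.0.5 - - [07/Jun/2026:10:00:01 +0000] "GET /tools/jxf_dump_systable.php?id=1&gblOrgID=7 HTTP/1.1" 200 512',
    '10.0.0.9 - - [07/Jun/2026:10:00:02 +0000] "GET /tools/jxf_dump_systable.php?id=1&gblOrgID=1+AND+(SELECT+8198+FROM+(SELECT(SLEEP(5)))TIhN)&DontCheckLogin=1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [07/Jun/2026:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 100',
]
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def suspicious_requests(lines):
    """Return (path, gblOrgID value) for requests to the dump endpoint whose
    gblOrgID would fail the same digits-only rule the handler enforces."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/jxf_dump_systable.php"):
            continue
        # parse_qs decodes '+' to a space, so the injected SQL is readable.
        for value in parse_qs(url.query).get("gblOrgID", []):
            if not is_valid_org_id(value):
                hits.append((url.path, value))
    return hits


if __name__ == "__main__":
    db = setup_db()
    print("hardened, id 2:", dump_org_hardened(db, "2"))
    print("vulnerable, tautology appended:", dump_org_vulnerable(db, "1 OR 1=1"))
    for path, value in suspicious_requests(LOG_LINES):
        print("flagged:", path, repr(value))
```

The hardened handler rejects the input before it reaches the database, and the detector applies the same rule to what the web server logged, so both share one definition of a well-formed `gblOrgID`; on a real deployment the log check would run over the access log of the host serving `/tools/`, and anything it flags should be treated as a probe of this endpoint until shown otherwise.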
Generated on Jun 7, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.