Chanjet CRM departmentsetting.php sql injection

June 16, 2025 invoker category_cve

CVE Details

Basic Information

Title Chanjet CRM departmentsetting.php sql injection
Type cve
Published 2025-06-16T17:31:05.267Z
Last Seen

Product Information

Vendor Chanjet
Product CRM
Version 1.0

CVSS Information

Base Score 6.9 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A critical SQL injection vulnerability in Chanjet CRM 1.0 allows remote attackers to inject malicious SQL code via the gblOrgID argument in departmentsetting.php, potentially leading to unauthorized data access and manipulation.
AI Severity High
Vendor Chanjet
Product CRM
Affected Version 1.0

Affected Products

  • Chanjet CRM 1.0

Additional Information

CVE List
CWE List CWE-89, CWE-74
Bulletin Family

Description

A vulnerability has been found in Chanjet CRM 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysconfig/departmentsetting.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.