Chanjet CRM SQL Injection Vulnerability in Upgrade Attribute Tool
Vulnerability
A critical SQL injection vulnerability exists in Chanjet CRM versions prior to 20251106, specifically within the upgradeattribute.php file. The vulnerability arises because the gblOrgID parameter is improperly sanitized, allowing remote attackers to execute arbitrary SQL commands on the backend database. This could lead to unauthorized access to sensitive data, potential privilege escalation, and in some cases, remote code execution on the database server.
Impact
Exploitation allows SQL injection, which could result in unauthorized database access, manipulation of database contents, and potentially execution of arbitrary code on the database server.
Reproduction
The vulnerability can be reproduced by sending an HTTP GET request to the upgradeattribute.php file with a crafted SQL payload in the gblOrgID parameter, for example one that uses a time-based blind SQL injection technique.
Remediation
No specific remediation is known, but general best practices for SQL injection vulnerabilities include implementing parameterized queries, applying strict input validation, and conducting regular security audits.
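
Until a fix is available, web access logs can be reviewed for the request shape described under Reproduction. The following is an added example, not code from Chanjet or from this advisory: it flags GET requests to upgradeattribute.php whose gblOrgID value fails a strict allowlist. It assumes combined-format access logs and that legitimate gblOrgID values are short alphanumeric identifiers; the directory in the sample lines is a placeholder and the lines themselves are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET = "upgradeattribute.php"   # file named in the advisory
PARAM = "gblOrgID"                # parameter named in the advisory
# Assumption: legitimate values are short alphanumeric identifiers.
# Tighten or loosen this to the format your deployment actually uses.
SAFE_ORG_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Request field of a combined-format access log line: "METHOD URI PROTOCOL"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

# Constructed sample lines (placeholder directory, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Nov/2025:09:14:02 +0000] "GET /placeholder-path/upgradeattribute.php?gblOrgID=1 HTTP/1.1" 200 512
203.0.113.9 - - [10/Nov/2025:09:15:40 +0000] "GET /placeholder-path/upgradeattribute.php?gblOrgID=1%27%20--%20constructed HTTP/1.1" 200 512
203.0.113.9 - - [10/Nov/2025:09:15:41 +0000] "GET /placeholder-path/UpgradeAttribute.php?gblOrgID=1&gblOrgID=2%3B HTTP/1.1" 200 512
198.51.100.7 - - [10/Nov/2025:09:16:00 +0000] "GET /index.php?gblOrgID=%27 HTTP/1.1" 200 128
"""

def suspicious_values(uri):
    """Return the gblOrgID values in a request URI that fail the allowlist."""
    parts = urlsplit(uri)
    # Compare the file name case-insensitively; some web servers ignore case.
    if parts.path.rsplit("/", 1)[-1].lower() != TARGET:
        return []
    # parse_qs URL-decodes values and keeps every repeat of a parameter,
    # so a clean first value cannot hide a crafted second one.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not SAFE_ORG_ID.fullmatch(v)]

def scan(log_text):
    """Return (source_ip, decoded_value) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        for value in suspicious_values(match.group("uri")):
            hits.append((line.split(" ", 1)[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-conforming {PARAM}: {value!r}")
```

The same allowlist can be enforced as a reverse-proxy or WAF rule in front of the application, which rejects non-conforming values before they reach the vulnerable file.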
