Chanjet CRM SQL Injection Vulnerability in New Activity Edit File

Vulnerability

A critical SQL injection vulnerability has been identified in Chanjet CRM versions prior to 20250510. The issue arises in the file '/activity/newActivityedit.php' when the 'gblOrgID' argument is manipulated. This vulnerability can be exploited remotely, allowing attackers to interfere with the application's database queries.

Impact

Exploiting this vulnerability lets an attacker manipulate the application's database queries through SQL injection. This could lead to unauthorized data access, data manipulation, or, in some cases, execution of administrative operations on the database.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.