Primary

Context

Chanjet CRM SQL Injection Vulnerability in Login Page Component

Vulnerability

A critical SQL injection vulnerability has been identified in Chanjet CRM version 1.0. The issue arises in the Login Page component, specifically within the file '/mail/mailinactive.php'. This vulnerability can be exploited remotely, allowing attackers to manipulate input and execute unauthorized SQL commands, potentially leading to unauthorized data access or modification.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to the '/mail/mailinactive.php' endpoint without any authentication. The lack of input validation allows for SQL injection by manipulating the request parameters to include malicious SQL code.

Added: Jul 21, 2025, 1:27 AM

Updated: Jul 21, 2025, 1:27 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Chanjet CRM SQL Injection Vulnerability in Login Page Component

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating