PT-2026-23626 · Defaultfuction · Jeson Customer Relationship Management System

Practice

·

Publicado

2026-03-06

·

Atualizado

2026-03-06

·

CVE-2026-3616

CVSS v2.0

6.5

Média

VetorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions DefaultFuction Jeson Customer Relationship Management System version 1.0.0
Description A SQL injection issue exists in DefaultFuction Jeson Customer Relationship Management System version 1.0.0. The issue is located in the /modules/customers/edit.php file. Manipulation of the ID argument can lead to SQL injection. The attack can be initiated remotely. The exploit is publicly available.
Recommendations Install the patch f0e991870e9d33701cca3a1d0fd4eec135af01a6 to address this issue.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2026-3616

Produtos afetados

Jeson Customer Relationship Management System