Chanjet · Chanjet Crm · CVE-2025-13788
**Name of the Vulnerable Software and Affected Versions**
Chanjet CRM versions prior to 20251107
**Description**
Chanjet CRM contains a SQL injection flaw. The issue is located in the `/tools/upgradeattribute.php` file; the affected function is unknown. Manipulation of the `gblOrgID` parameter can trigger the injection. The attack can be initiated remotely, and the exploit has been publicly disclosed.
**Recommendations**
Update any installation running a version prior to 20251107. As a temporary workaround, restrict access to the `/tools/upgradeattribute.php` file, and avoid using the `gblOrgID` parameter in the affected file until the issue is resolved.
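
To check whether the affected file has been requested, and to confirm that the access restriction is working, the following added example (not part of the advisory or of Chanjet's code) groups access-log requests for `/tools/upgradeattribute.php` by client. It assumes the Apache/nginx "combined" log format; the sample log lines and the function name `find_hits` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

VULN_PATH = "/tools/upgradeattribute.php"  # affected file named in the advisory
PARAM = "gblOrgID"                         # affected parameter named in the advisory

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, benign values).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Nov/2025:09:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2025:09:15:40 +0000] "GET /tools/upgradeattribute.php?gblOrgID=1 HTTP/1.1" 200 312 "-" "curl/8.0"
198.51.100.7 - - [10/Nov/2025:09:15:41 +0000] "POST /tools//UpgradeAttribute.php HTTP/1.1" 500 0 "-" "curl/8.0"
192.0.2.10 - - [10/Nov/2025:09:20:00 +0000] "GET /tools/upgradeattribute.php.bak HTTP/1.1" 404 0 "-" "Mozilla/5.0"
""".splitlines()

def find_hits(lines):
    """Return {client_ip: [request, ...]} for requests to the affected file."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format; skip rather than guess
        url = urlsplit(m["target"])
        # Decode %-escapes, collapse repeated slashes and ignore case so
        # trivially altered spellings of the path are still counted.
        path = re.sub(r"/+", "/", unquote(url.path)).lower()
        if path != VULN_PATH:
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        hits[m["ip"]].append({
            "time": m["ts"],
            "method": m["method"],
            "status": int(m["status"]),
            "param_in_query": PARAM in query,
            # Access logs do not record POST bodies, so the parameter may
            # have been sent without appearing here.
            "needs_body_review": m["method"] == "POST",
        })
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in find_hits(SAMPLE_LOG).items():
        print(ip, reqs)
```

Once access to the file is restricted, every request it reports should carry a denied status such as 403; any other status means the workaround is not in effect for that client.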