PT-2026-23626 · Defaultfuction · Jeson Customer Relationship Management System
Practice
·
Published
2026-03-06
·
Updated
2026-03-06
·
CVE-2026-3616
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
DefaultFuction Jeson Customer Relationship Management System version 1.0.0
Description
A SQL injection issue exists in DefaultFuction Jeson Customer Relationship Management System version 1.0.0. The issue is located in the
/modules/customers/edit.php file. Manipulation of the ID argument can lead to SQL injection. The attack can be initiated remotely. The exploit is publicly available.Recommendations
Install the patch f0e991870e9d33701cca3a1d0fd4eec135af01a6 to address this issue.
Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jeson Customer Relationship Management System