PT-2026-36932 · Codecanyon · Perfex Crm

Jobyer Ahmed +1 · Published 2026-05-04 · Updated 2026-05-05 · CVE-2026-7783

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CodeCanyon Perfex CRM versions prior to 3.4.2

Description

A flaw in the Admin Kanban Endpoint allows for remote SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution. The issue exists within the AbstractKanban::applySortQuery() function located in the application/services/AbstractKanban.php file, specifically caused by the manipulation of the this argument.

Recommendations

Update to version 3.4.2 or later. As a temporary workaround, restrict access to the Admin Kanban Endpoint to minimize the risk of exploitation.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-7783

Affected Products

Perfex Crm