PT-2026-36932 · Codecanyon · Perfex Crm

Suffer · Published 2026-05-04 · Updated 2026-05-05 · CVE-2026-7783

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: CodeCanyon Perfex CRM versions prior to 3.4.2

Description: A flaw in the Admin Kanban Endpoint allows for remote SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution. The issue exists within the AbstractKanban::applySortQuery() function located in the application/services/AbstractKanban.php file, specifically caused by the manipulation of the this argument.

Recommendations: Update to version 3.4.2 or later. As a temporary workaround, restrict access to the Admin Kanban Endpoint to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: SQL injection, Special Elements Injection

Related Identifiers: CVE-2026-7783

Affected Products: Perfex Crm