Description
A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. It affects an unknown function of the file /modules/customers/edit.php. Manipulating the ID argument results in SQL injection. The attack may be initiated remotely. The exploit is now public and may be used. The patch is named f0e991870e9d33701cca3a1d0fd4eec135af01a6. It is suggested to install a patch to address this issue.
Published: 2026-03-06
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

The 1.0.0 release of the DefaultFuction Jeson Customer Relationship Management System contains a flaw in the /modules/customers/edit.php file that allows an attacker to manipulate the ID parameter to inject arbitrary SQL code. This injection vulnerability arises from unsafe processing of user input and can enable unauthorized reading or modification of database records. The flaw is a classic instance of SQL injection, providing the attacker with the potential to compromise data confidentiality and integrity.

Affected Systems

Only the DefaultFuction Jeson Customer Relationship Management System version 1.0.0 is known to be vulnerable; no other versions are listed as affected.

Risk and Exploitability

The security severity score of the vulnerability is 5.3, indicating moderate risk, and its exploitation probability is estimated to be below 1%. The vulnerability is not cataloged in the CISA Known Exploited Vulnerabilities list, but a publicly available exploit demonstrates that remote attackers can alter the ID argument to inject SQL. Successful exploitation could allow unauthorized access to sensitive data or the ability to tamper with existing records, potentially leading to data breaches or corruption.

Generated by OpenCVE AI on April 17, 2026 at 12:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch identified by commit f0e991870e9d33701cca3a1d0fd4eec135af01a6 to fix the flaw
  • Upgrade to the latest version of the Jeson Customer Relationship Management System where the issue has been resolved
  • Rewrite the code to use parameterized queries and perform strict validation or sanitization of the ID input before database usage
  • Limit access to the edit module so that only authorized users can reach it and regularly review logs for suspicious SQL activity

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 16:15:00 +0000

Values Removed: (none)
Values Added:
  Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 15:30:00 +0000

Values Removed: (none)
Values Added:
  First Time appeared: Defaultfuction; Defaultfuction jeson Customer Relationship Management System
  Vendors & Products: Defaultfuction; Defaultfuction jeson Customer Relationship Management System

Fri, 06 Mar 2026 02:30:00 +0000

Values Removed: (none)
Values Added:
  Description: A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. The patch is named f0e991870e9d33701cca3a1d0fd4eec135af01a6. It is suggested to install a patch to address this issue.
  Title: DefaultFuction Jeson Customer Relationship Management System edit.php sql injection
  Weaknesses: CWE-74; CWE-89
  References:
  Metrics:
    cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}
    cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
    cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
    cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-09T15:30:41.673Z

Reserved: 2026-03-05T18:42:24.952Z

Link: CVE-2026-3616

Vulnrichment

Updated: 2026-03-09T15:30:38.065Z

NVD

Status: Awaiting Analysis

Published: 2026-03-06T03:15:52.220

Modified: 2026-03-09T13:36:08.413

Link: CVE-2026-3616

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T12:30:06Z
