A vulnerability was found in Chanjet CRM 1.0 . It has been declared as critical . This affects an unknown part of the file /tools/jxf_dump_systable.php of the component HTTP GET Request Handler . Such manipulation of the argument gblOrgID leads to sql injection. This vulnerability is traded as CVE-2026-11456 . The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.