3 matches found
CVE-2026-38530
A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...
PT-2025-39818
Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description An HTML injection issue exists in Perfex CRM version 3.2.1. This is due to insufficient validation of user-supplied data. The issue occurs when sending a POST request to the /admin/leads/lead endpoint with...
PT-2023-15497 · Unknown · Lead Management System
Name of the Vulnerable Software and Affected Versions: Lead Management System version 1.0 Description: The issue concerns SQL Injection via the id parameter in the "removeLead.php" endpoint. This allows for potential manipulation of database queries. Recommendations: For Lead Management System...