Threat Feed: high-severity advisory

Krayin CRM v2.2.x SQL Injection Vulnerability

Krayin CRM v2.2.x is vulnerable to SQL injection via the rotten_lead parameter in /Lead/LeadDataGrid.php, potentially allowing attackers to read sensitive data.

Krayin CRM v2.2.x is susceptible to a SQL injection vulnerability identified as CVE-2026-38528. The vulnerability resides in the /Lead/LeadDataGrid.php script, specifically within the rotten_lead parameter. An attacker could exploit this vulnerability by injecting malicious SQL queries, potentially gaining unauthorized access to sensitive information stored within the CRM database. The CVSS v3.1 score is 7.1, indicating a high severity level. Successful exploitation requires a low level of privileges. This vulnerability was reported in April 2026 and could impact organizations using the affected Krayin CRM version, leading to data breaches and potential compromise of customer information.

Attack Chain

  1. An attacker identifies a vulnerable Krayin CRM v2.2.x instance.
  2. The attacker crafts a malicious HTTP request targeting /Lead/LeadDataGrid.php.
  3. The HTTP request includes a SQL injection payload within the rotten_lead parameter.
  4. The Krayin CRM application processes the request without proper sanitization of the rotten_lead parameter.
  5. The injected SQL query is executed against the CRM database.
  6. The attacker retrieves sensitive data from the database, such as customer details, user credentials, or financial information.
  7. The attacker may use the compromised data for further malicious activities, such as identity theft or financial fraud.

Impact

Successful exploitation of this SQL injection vulnerability could lead to the unauthorized disclosure of sensitive customer data, financial records, and internal CRM data. This could result in significant financial losses, reputational damage, and legal repercussions for affected organizations. While the exact number of potential victims is unknown, any organization using Krayin CRM v2.2.x is at risk.

Recommendation

  • Apply any available patches or updates from the vendor to address CVE-2026-38528.
  • Implement input validation and sanitization on the rotten_lead parameter within /Lead/LeadDataGrid.php to prevent SQL injection attacks.
  • Deploy the Sigma rule “Detect Krayin CRM SQL Injection Attempt” to your SIEM and tune for your environment.
  • Monitor web server logs for suspicious requests targeting /Lead/LeadDataGrid.php with potentially malicious SQL syntax.
  • Implement strong database access controls to limit the impact of successful SQL injection attacks.

Detection coverage (2 rules)

Detect Krayin CRM SQL Injection Attempt
Severity: high
Detects potential SQL injection attempts targeting the /Lead/LeadDataGrid.php endpoint in Krayin CRM.
Rule type: sigma | Tactics: initial_access | Techniques: T1190 | Sources: webserver, linux

Detect Krayin CRM Error-Based SQL Injection
Severity: high
Detects error-based SQL injection attempts targeting Krayin CRM.
Rule type: sigma | Tactics: initial_access | Techniques: T1190 | Sources: webserver, linux
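The rule logic itself is not shown on this page. As an added illustration, not the feed's Sigma rule and not Krayin code, the Python script below implements the kind of check the two rule descriptions and the log-monitoring recommendation call for: it parses access-log lines in Apache/nginx combined format, URL-decodes every query parameter of requests to /Lead/LeadDataGrid.php, and flags values containing SQL syntax, including the MySQL error-reporting functions typical of error-based injection. The endpoint and parameter names come from the advisory; the log lines, IP addresses and parameter values are constructed for the example, and the assumed log format and the indicator patterns are the example's own choices.

```python
"""Scan web-server access logs for SQL-injection-style values sent to the
Krayin CRM /Lead/LeadDataGrid.php endpoint (CVE-2026-38528, rotten_lead).

Hypothetical detection example written for the advisory above; it is not
Krayin code and not the feed's Sigma rule. Assumes Apache/nginx combined
log format.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/Lead/LeadDataGrid.php"   # endpoint named in the advisory
TARGET_PARAM = "rotten_lead"             # parameter named in the advisory

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Indicators of SQL syntax inside a parameter value, checked after URL decoding.
# They describe the shape of an injection attempt, not any specific exploit.
INDICATORS = {
    "quote_then_logic": re.compile(r"""['"]\s*(or|and)\b""", re.I),
    "tautology": re.compile(r"\b(or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+", re.I),
    "sql_comment": re.compile(r"(--\s|--$|/\*|#)"),
    "union_select": re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    "stacked_query": re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I),
    "time_based": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.I),
    # MySQL functions that surface query results in error text (error-based rule)
    "error_based": re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I),
}

# Constructed sample lines (not real traffic): one benign request, two
# requests carrying SQL syntax in rotten_lead, one unrelated endpoint.
SAMPLE_LOG = """\
203.0.113.10 - - [14/Apr/2026:09:12:01 +0000] "GET /Lead/LeadDataGrid.php?rotten_lead=1&sort=created_at HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.10 - - [14/Apr/2026:09:12:05 +0000] "GET /Lead/LeadDataGrid.php?rotten_lead=1'+OR+1=1--+ HTTP/1.1" 200 8891 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Apr/2026:09:13:44 +0000] "GET /Lead/LeadDataGrid.php?rotten_lead=1+AND+extractvalue(1,version()) HTTP/1.1" 500 311 "-" "curl/8.4.0"
198.51.100.7 - - [14/Apr/2026:09:14:02 +0000] "GET /admin/dashboard?rotten_lead=1'+OR+1=1--+ HTTP/1.1" 302 0 "-" "curl/8.4.0"
"""


def fully_decode(value, rounds=3):
    """Undo repeated URL encoding so double-encoded values are still inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_indicators(value):
    """Names of all indicator patterns that match a decoded parameter value."""
    return [name for name, rx in INDICATORS.items() if rx.search(value)]


def inspect_request(target):
    """Findings for one request target (path plus query) aimed at the endpoint."""
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return []
    findings = []
    for param, values in parse_qs(parts.query, keep_blank_values=True).items():
        for raw in values:
            value = fully_decode(raw)
            hits = find_indicators(value)
            if hits:
                findings.append({
                    "param": param,
                    "value": value,
                    "indicators": hits,
                    # the advisory names rotten_lead; other parameters get a lower grade
                    "severity": "high" if param == TARGET_PARAM else "medium",
                })
    return findings


def scan_log(text):
    """Run inspect_request over every parsable line and attach source fields."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for finding in inspect_request(rec["target"]):
            alerts.append({"ip": rec["ip"], "ts": rec["ts"],
                           "status": rec["status"], **finding})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f'{alert["ts"]} {alert["ip"]} {alert["severity"]} '
              f'{alert["param"]}={alert["value"]!r} -> {alert["indicators"]}')
```

Run as-is to see the two alerts raised by the embedded sample; in a deployment, pipe the real access log into `scan_log`. The path filter mirrors the first rule's scope; removing it surfaces the same syntax against any endpoint at the cost of more tuning, since legitimate free-text values can contain "or" and "and". A 500 response paired with the error_based indicator is the combination worth prioritising, because it suggests the database error text may have reached the client.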

Detection queries are kept inside the platform.