{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-38528/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-38528"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2026-38528","krayin-crm"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eKrayin CRM v2.2.x is susceptible to a SQL injection vulnerability identified as CVE-2026-38528. The vulnerability resides in the \u003ccode\u003e/Lead/LeadDataGrid.php\u003c/code\u003e script, specifically within the \u003ccode\u003erotten_lead\u003c/code\u003e parameter. An attacker could exploit this vulnerability by injecting malicious SQL queries, potentially gaining unauthorized access to sensitive information stored within the CRM database. The CVSS v3.1 score is 7.1, indicating a high severity level. Successful exploitation requires a low level of privileges. This vulnerability was reported in April 2026 and could impact organizations using the affected Krayin CRM version, leading to data breaches and potential compromise of customer information.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable Krayin CRM v2.2.x instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting \u003ccode\u003e/Lead/LeadDataGrid.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe HTTP request includes a SQL injection payload within the \u003ccode\u003erotten_lead\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe Krayin CRM application processes the request without proper sanitization of the \u003ccode\u003erotten_lead\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe injected SQL query is executed against the CRM database.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves sensitive data from the database, such as customer details, user credentials, or financial information.\u003c/li\u003e\n\u003cli\u003eThe attacker may use the compromised data for further malicious activities, such as identity theft or financial fraud.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability could lead to the unauthorized disclosure of sensitive customer data, financial records, and internal CRM data. This could result in significant financial losses, reputational damage, and legal repercussions for affected organizations. While the exact number of potential victims is unknown, any organization using Krayin CRM v2.2.x is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates from the vendor to address CVE-2026-38528.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003erotten_lead\u003c/code\u003e parameter within \u003ccode\u003e/Lead/LeadDataGrid.php\u003c/code\u003e to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Krayin CRM SQL Injection Attempt\u0026rdquo; to your SIEM and tune for your environment.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting \u003ccode\u003e/Lead/LeadDataGrid.php\u003c/code\u003e with potentially malicious SQL syntax.\u003c/li\u003e\n\u003cli\u003eImplement strong database access controls to limit the impact of successful SQL injection attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-15T12:00:00Z","date_published":"2026-04-15T12:00:00Z","id":"/briefs/2026-04-krayin-sqli/","summary":"Krayin CRM v2.2.x is vulnerable to SQL injection via the rotten_lead parameter in /Lead/LeadDataGrid.php, potentially allowing attackers to read sensitive data.","title":"Krayin CRM v2.2.x SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-krayin-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-38528","version":"https://jsonfeed.org/version/1.1"}