Krayin CRM v2.2.x allows malicious SQL code execution
CVE-2026-38528
Summary
An attacker can inject malicious SQL code into Krayin CRM version 2.2.x through the rotten_lead parameter at /Lead/LeadDataGrid.php, potentially gaining unauthorized access to sensitive data. Update to the latest version of Krayin CRM to fix this issue.
Original title
Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php.
Original description
Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php.
NVD CVSS 3.1
7.1
Vulnerability type
CWE-89
SQL Injection
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026