CVE-2026-38528: Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDat

Description

Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php.

Vendor	Product	Versions
krayin	crm	n/a

Tier C

VulDB5d ago

→ No new info (linked only)

CVSS 3.17.1 HIGH

VectorCVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:U/UI:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-89

PublishedApr 14, 2026

Last enriched5d agov2

Trending Score20

Source articles1

Independent1

Info Completeness7/14

Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

0 upvotes0 downvotes

Last enriched 5d ago

v2Tier C5d ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited

via VulDB

v15d ago

Initial creation