CVE-2025-14190
📋 TL;DR
This SQL injection vulnerability in Chanjet TPlus allows remote attackers to execute arbitrary SQL commands via the 'currentAccId' parameter in the MultiCompanySettingController endpoint. Attackers can potentially access, modify, or delete database content. All Chanjet TPlus installations up to version 20251121 are affected.
💻 Affected Systems
- Chanjet TPlus
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data destruction, privilege escalation to administrative access, and potential lateral movement to other systems.
Likely Case
Data exfiltration from the TPlus database, including sensitive business information, user credentials, and financial data.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only allowing data reading from specific tables.
🎯 Exploit Status
Exploit details are publicly available on GitHub. The vulnerability requires no authentication and has simple exploitation vectors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Contact Chanjet vendor for updates. Monitor vendor communications for security patches.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
allImplement WAF rules to block SQL injection patterns targeting the vulnerable endpoint
Network Access Control
allRestrict access to the /tplus/ajaxpro/ endpoint to trusted IP addresses only
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries for all database interactions
- Deploy database monitoring to detect unusual SQL query patterns and access attempts
🔍 How to Verify
Check if Vulnerable:
Test the endpoint /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load with SQL injection payloads in the currentAccId parameterCheck Version:
Check TPlus version through application interface or configuration filesVerify Fix Applied:
Verify that SQL injection attempts no longer succeed and that input validation is properly implemented📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in application logs
- Multiple failed authentication attempts following SQL injection patterns
- Unusual database query patterns from web server IP
Network Indicators:
- HTTP requests to the vulnerable endpoint with SQL keywords in parameters
- Unusual outbound database connections from web server
SIEM Query:
source="web_logs" AND uri="/tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx" AND (param="currentAccId" AND value CONTAINS "' OR " OR "--" OR ";")