CVE-2026-7782
Published 2026-05-04
Priority: P3 · 42 · medium · 6.3 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.21% (11.4th percentile)
A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. It affects the function Clients::project in the file application/controllers/Clients.php, part of the Tenant Handler component. Manipulating the ID argument results in an authorization bypass. The attack can be performed remotely. The exploit is now public and may be used.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codecanyon | perfex_crm | — | — |
| codecanyon | perfex_crm | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
GHSA
GHSA-jqqg-v7qj-c3jq: A vulnerability was detected in CodeCanyon Perfex CRM up to 3
ghsa_unreviewed·2026-05-05
CVE-2026-7782 [LOW] CWE-285 GHSA-jqqg-v7qj-c3jq: A vulnerability was detected in CodeCanyon Perfex CRM up to 3
A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from remote. The exploit is now public and may be used.
VulDB
CodeCanyon Perfex CRM up to 3.4.1 Tenant Clients.php Clients::project ID authorization (EUVD-2026-27153)
vuldb·2026-05-04·CVSS 2.1
CVE-2026-7782 [LOW] CodeCanyon Perfex CRM up to 3.4.1 Tenant Clients.php Clients::project ID authorization (EUVD-2026-27153)
A vulnerability, which was classified as critical, was found in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass.
This vulnerability was named CVE-2026-7782. The attack may be performed from remote. In addition, an exploit is available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.