This content originally appeared on DEV Community and was authored by Sharon
> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
Chanjet T+ is a widely used ERP system in Asia, supporting finance, sales, procurement, and inventory management.
Recently, a serious SQL injection vulnerability was disclosed that could be chained to achieve remote code execution (RCE).
Although a patch has been released, many systems exposed to the internet remain unpatched.
1. Vulnerability Description
The issue lies in a backend function of Chanjet T+ that only performed a permission check without properly sanitizing user input.
Attackers who bypass authentication could exploit the SQL injection to execute arbitrary commands on the server.
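The defect class described above (a handler that checks permissions but then builds SQL from raw input) is easiest to see with the vulnerable and the hardened query side by side. The following is an added illustration, not Chanjet T+ code and not code from the advisory; it uses a constructed in-memory SQLite table, and the `owner` column, the `invoices` table and the `ROLE_ALLOWED` check are assumptions made for the example.

```python
import sqlite3

# Constructed stand-in for an ERP back-end table; not Chanjet T+ schema.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER, owner TEXT, amount REAL)")
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [(1, "alice", 120.0), (2, "bob", 80.0), (3, "alice", 45.5)],
    )
    return conn

ROLE_ALLOWED = {"accountant", "admin"}  # assumed role names for the example

def permission_check(role: str) -> bool:
    """The kind of check the advisory says was present: it gates who may call
    the function, but says nothing about what the caller's input contains."""
    return role in ROLE_ALLOWED

def lookup_unsafe(conn: sqlite3.Connection, role: str, owner: str) -> list:
    """Vulnerable pattern: authorisation is enforced, then untrusted input is
    concatenated into the SQL text, so the input can change the query."""
    if not permission_check(role):
        return []
    sql = "SELECT id FROM invoices WHERE owner = '" + owner + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn: sqlite3.Connection, role: str, owner: str) -> list:
    """Hardened pattern: same permission check, but the value is bound as a
    parameter; the database never parses it as SQL."""
    if not permission_check(role):
        return []
    rows = conn.execute("SELECT id FROM invoices WHERE owner = ?", (owner,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    normal = "alice"
    tautology = "x' OR '1'='1"        # classic test input used in SQLi training
    print("unsafe, normal input:   ", lookup_unsafe(db, "accountant", normal))
    print("unsafe, tautology input:", lookup_unsafe(db, "accountant", tautology))
    print("safe,   tautology input:", lookup_safe(db, "accountant", tautology))
```

The point the advisory makes is visible in the output: with the concatenated query an authorised caller's input returns every row, while the parameterised query returns nothing for the same input because it is compared as a literal string. The permission check is unchanged between the two versions; only the query construction differs.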
Security researchers found that:
- Patch 13.000.001.0402 fixed the initial auth bypass prerequisite.
- Patch 13.000.001.0404 further hardened the fix with improved rules.
👉 It is strongly recommended to upgrade to 13.000.001.0404 or later (2023-02-23) to fully mitigate this risk.
Regular patching is essential to avoid exploitation of historical vulnerabilities.
2. Detection Tools
X-POC Remote Scanner
```
xpoc -r 102 -t <target-URL>
```
Download:
CloudWalker Local Scanner
```
chanjet_tpluspop_sqli_scanner_windows_amd64.exe scan --output result.json
```
Download:
3. Affected Versions
- Chanjet T+ 13.0
- Chanjet T+ 16.0
4. Mitigation
Temporary Workaround
- Restrict exposure of T+ assets to the internet.
- Use security devices to filter traffic, but note that bypass risk remains.
Permanent Fix
- Apply the official security patches (≥ 13.000.001.0404).
- Download from the official site:
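To act on the two mitigation tiers above across a fleet, an operator needs to know which T+ hosts are below 13.000.001.0404 and which of those are reachable from the internet. The following triage helper is an added example, not a tool from Chaitin or from the advisory. The threshold string comes from the advisory; the inventory is constructed sample data, and the rule that only four-component build strings on the same 13.000.001 line are comparable is an assumption made here so that a short string such as "13.0" is reported as unknown rather than wrongly as patched.

```python
# Minimum fixed patch level stated in the advisory.
MIN_PATCHED = "13.000.001.0404"

def parse_version(v: str) -> tuple:
    """Split a dotted build string like 13.000.001.0404 into an int tuple."""
    return tuple(int(part) for part in v.strip().split("."))

def patch_status(installed: str, minimum: str = MIN_PATCHED) -> str:
    """Return 'patched', 'vulnerable' or 'unknown'.

    Assumption for this example: only build strings with the same number of
    components and the same 13.000.001 prefix as the threshold are compared.
    Anything else (e.g. '13.0', '16.0', a malformed string) is 'unknown' so
    that a host is never marked patched on the strength of a vague version.
    """
    try:
        inst, need = parse_version(installed), parse_version(minimum)
    except ValueError:
        return "unknown"
    if len(inst) != len(need) or inst[:3] != need[:3]:
        return "unknown"
    return "patched" if inst >= need else "vulnerable"

def triage(inventory: list) -> list:
    """Rank hosts so that unpatched, internet-exposed ones come first.

    inventory: list of (hostname, version_string, internet_exposed) tuples.
    """
    rows = []
    for host, version, exposed in inventory:
        status = patch_status(version)
        if status == "patched":
            action = "none"
        elif exposed:
            # Both advisory tiers apply: patch, and cut exposure meanwhile.
            action = "patch now; remove internet exposure until patched"
        else:
            action = "schedule patch"
        rows.append({"host": host, "version": version, "exposed": exposed,
                     "status": status, "action": action})
    priority = {"vulnerable": 0, "unknown": 1, "patched": 2}
    rows.sort(key=lambda r: (priority[r["status"]], not r["exposed"]))
    return rows

# Constructed sample inventory; hostnames and versions are not real assets.
SAMPLE_INVENTORY = [
    ("erp-01.example.internal", "13.000.001.0402", True),
    ("erp-02.example.internal", "13.000.001.0404", True),
    ("erp-03.example.internal", "13.000.001.0399", False),
    ("erp-04.example.internal", "16.0", True),
]

if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        print(f"{r['host']:<26} {r['version']:<17} exposed={r['exposed']!s:<5} "
              f"{r['status']:<10} {r['action']}")
```

Hosts reported as unknown still need a manual check against the vendor's build numbering before they are treated as safe; the helper deliberately refuses to guess.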
5. Product Support
- SafeLine WAF: Detects and blocks exploitation attempts by default.
- Dongjian: Supports detection via custom PoC.
- CloudWalker: Supports asset discovery; vulnerability detection package (VULN-23.06.007) released.
- Yuntu: Supports fingerprinting and PoC detection.
- Quanxi: Released patch package with detection support.
6. Timeline
- June 8: Vulnerability reported to Chaitin Tech.
- June 8: Reproduced and analyzed by Chaitin Emergency Lab.
- June 9: Advisory published by Chaitin Emergency Response Center.
References
Join the SafeLine Community
If you continue to experience issues, feel free to contact SafeLine support for further assistance.

Sharon | Sciencx (2025-09-18T03:27:12+00:00) Critical SQL Injection in Chanjet T+ ERP Could Lead to RCE. Retrieved from https://www.scien.cx/2025/09/18/critical-sql-injection-in-chanjet-t-erp-could-lead-to-rce/