krayin/laravel-crm Security Advisories for v2.1.6 (5)
- [HIGH] Webkul Krayin CRM has Server-Side Request Forgery (SSRF)
  PKSA-gcg3-xvcm-8tz7 CVE-2026-38527 GHSA-fpx9-9hq8-w2xc
  Affected version: <=2.2.0
  Reported by: GitHub
- [HIGH] Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php
  PKSA-5xsp-55yb-hdyp CVE-2026-38529 GHSA-r8rp-5f55-5j9x
  Affected version: <=2.2.0
  Reported by: GitHub
- [HIGH] Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php
  PKSA-y1wv-79ht-f4db CVE-2026-38530 GHSA-rm5f-3c25-p4cw
  Affected version: <=2.2.0
  Reported by: GitHub
- [HIGH] Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php
  PKSA-2w9z-jxqd-y35k CVE-2026-38532 GHSA-2xx8-j85v-j7wh
  Affected version: <=2.2.0
  Reported by: GitHub
- [LOW] Krayin CRM is vulnerable to Cross-site Scripting (XSS)
  PKSA-9rzv-szxy-ckw5 CVE-2026-5370 GHSA-9m2v-hc5g-5jpv
  Affected version: <=2.2.0
  Reported by: GitHub