DEV Community

Sharon


Critical SQL Injection in Chanjet T+ ERP Could Lead to RCE

> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.

Chanjet T+ is a widely used ERP system in Asia, supporting finance, sales, procurement, and inventory management.

Recently, a serious SQL injection vulnerability was disclosed that could be chained to achieve remote code execution (RCE).

Although a patch has been released, many systems exposed to the internet remain unpatched.


1. Vulnerability Description

The issue lies in a backend function of Chanjet T+ that only performed a permission check without properly sanitizing user input.

Attackers who bypass authentication could exploit the SQL injection to execute arbitrary commands on the server.

Security researchers found that:

  • Patch 13.000.001.0402 fixed the initial auth bypass prerequisite.
  • Patch 13.000.001.0404 further hardened the fix with improved rules.

👉 It is strongly recommended to upgrade to 13.000.001.0404 or later (2023-02-23) to fully mitigate this risk.

Regular patching is essential to avoid exploitation of historical vulnerabilities.
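
As an added example (not part of the original advisory and not a Chaitin tool), the following script triages an asset inventory against the two patch levels named above, putting internet-exposed hosts below 13.000.001.0404 first. The CSV columns, host names, and status labels are constructed assumptions, as is the premise that each host's patch level is recorded as a four-field dotted string.

```python
import csv
import io

# Patch levels named in the advisory, as integer tuples.
AUTH_BYPASS_FIX = (13, 0, 1, 402)  # 13.000.001.0402
HARDENED_FIX = (13, 0, 1, 404)     # 13.000.001.0404

# Constructed sample inventory; hosts and column names are assumptions.
SAMPLE_INVENTORY = """host,patch_level,internet_exposed
erp-a.example.internal,13.000.001.0399,yes
erp-b.example.internal,13.000.001.0402,yes
erp-c.example.internal,13.000.001.0404,no
erp-d.example.internal,13.000.001.0398,no
erp-e.example.internal,unknown,yes
"""

def parse_patch_level(text):
    """Return the patch level as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(patch_level):
    """Map a patch-level string to unpatched / partial / patched / unknown."""
    level = parse_patch_level(patch_level)
    if level is None or level[0] != 13:
        return "unknown"    # the advisory only gives fixed levels in 13.x numbering
    if level < AUTH_BYPASS_FIX:
        return "unpatched"  # auth-bypass prerequisite still present
    if level < HARDENED_FIX:
        return "partial"    # 0402 applied, hardened 0404 rules missing
    return "patched"

def triage(inventory_csv):
    """Return (host, status, exposed) rows, most urgent first."""
    urgency = {"unpatched": 0, "unknown": 1, "partial": 2, "patched": 3}
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        exposed = rec["internet_exposed"].strip().lower() == "yes"
        status = classify(rec["patch_level"])
        rows.append((rec["host"], status, exposed))
    # Patched hosts last; otherwise exposed hosts first, then by status urgency.
    rows.sort(key=lambda r: (r[1] == "patched", not r[2], urgency[r[1]]))
    return rows

if __name__ == "__main__":
    for host, status, exposed in triage(SAMPLE_INVENTORY):
        print(f"{host:28} {status:10} exposed={exposed}")
```

Hosts reported as `unknown` should be checked by hand rather than assumed safe.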


2. Detection Tools

X-POC Remote Scanner

xpoc -r 102 -t <target-URL>

Download:

CloudWalker Local Scanner

chanjet_tpluspop_sqli_scanner_windows_amd64.exe scan --output result.json

Download:


3. Affected Versions

  • Chanjet T+ 13.0
  • Chanjet T+ 16.0

4. Mitigation

Temporary Workaround

  • Restrict exposure of T+ assets to the internet.
  • Use security devices to filter traffic, but note that bypass risk remains.

Permanent Fix


5. Product Support

  • SafeLine WAF: Detects and blocks exploitation attempts by default.
  • Dongjian: Supports detection via custom PoC.
  • CloudWalker: Supports asset discovery; vulnerability detection package (VULN-23.06.007) released.
  • Yuntu: Supports fingerprinting and PoC detection.
  • Quanxi: Released patch package with detection support.

6. Timeline

  • June 8: Vulnerability reported to Chaitin Tech.
  • June 8: Reproduced and analyzed by Chaitin Emergency Lab.
  • June 9: Advisory published by Chaitin Emergency Response Center.


Join the SafeLine Community

If you continue to experience issues, feel free to contact SafeLine support for further assistance.
