Lucene search

[email protected]CVE-2011-5213

HistoryOct 25, 2012 - 5:55 p.m.

CVE-2011-5213

2012-10-2517:55:02

CWE-89

[email protected]

web.nvd.nist.gov

cve

2011

5213

sql injection

browsercrm

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.3%

JSON

Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.

Affected configurations

NVD

Node

browsercrmbrowsercrmRange≤5.100.01

browsercrmbrowsercrmMatch4.604.01

browsercrmbrowsercrmMatch4.605.00

browsercrmbrowsercrmMatch4.607.00

browsercrmbrowsercrmMatch4.610.00

browsercrmbrowsercrmMatch4.611.01

browsercrmbrowsercrmMatch4.612.00

browsercrmbrowsercrmMatch4.614.00

browsercrmbrowsercrmMatch4.615.10

browsercrmbrowsercrmMatch4.615.11

browsercrmbrowsercrmMatch4.616.00

browsercrmbrowsercrmMatch4.617.00

browsercrmbrowsercrmMatch4.619.00

browsercrmbrowsercrmMatch4.620.01

browsercrmbrowsercrmMatch4.622.00

browsercrmbrowsercrmMatch4.624.00

browsercrmbrowsercrmMatch4.624.01

browsercrmbrowsercrmMatch4.624.50

browsercrmbrowsercrmMatch4.624.60

browsercrmbrowsercrmMatch4.624.70

browsercrmbrowsercrmMatch4.624.80

browsercrmbrowsercrmMatch4.624.90

browsercrmbrowsercrmMatch4.691.01

browsercrmbrowsercrmMatch4.999.20

browsercrmbrowsercrmMatch5.000.00

browsercrmbrowsercrmMatch5.000.01

browsercrmbrowsercrmMatch5.001.00

browsercrmbrowsercrmMatch5.002.00

browsercrmbrowsercrmMatch5.100.00

CPENameOperatorVersion
browsercrm:browsercrmbrowsercrmle5.100.01
browsercrm:browsercrmbrowsercrmeq4.604.01
browsercrm:browsercrmbrowsercrmeq4.605.00
browsercrm:browsercrmbrowsercrmeq4.607.00
browsercrm:browsercrmbrowsercrmeq4.610.00
browsercrm:browsercrmbrowsercrmeq4.611.01
browsercrm:browsercrmbrowsercrmeq4.612.00
browsercrm:browsercrmbrowsercrmeq4.614.00
browsercrm:browsercrmbrowsercrmeq4.615.10
browsercrm:browsercrmbrowsercrmeq4.615.11

CPE	Name	Operator	Version
browsercrm:browsercrm	browsercrm	le	5.100.01
browsercrm:browsercrm	browsercrm	eq	4.604.01
browsercrm:browsercrm	browsercrm	eq	4.605.00
browsercrm:browsercrm	browsercrm	eq	4.607.00
browsercrm:browsercrm	browsercrm	eq	4.610.00
browsercrm:browsercrm	browsercrm	eq	4.611.01
browsercrm:browsercrm	browsercrm	eq	4.612.00
browsercrm:browsercrm	browsercrm	eq	4.614.00
browsercrm:browsercrm	browsercrm	eq	4.615.10
browsercrm:browsercrm	browsercrm	eq	4.615.11

Rows per page:

1-10 of 291

References

osvdb.org/77733

osvdb.org/77734

osvdb.org/77735

secunia.com/advisories/47217

exchange.xforce.ibmcloud.com/vulnerabilities/71828

www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.3%

JSON

Related for CVE-2011-5213

cvelist1 nvd1 prion1 openvas1