5 matches found
CVE-2026-49141
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...
CVE-2026-49141 WACRM Authorization Bypass via Automation Engine Endpoint
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...
CVE-2011-5213
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 loginusername parameter to index.php, 2 parentid parameter to modules/Documents/versionlist.php, or 3 contactid parameter to modules/Documents/index.php...
Sql injection
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 loginusername parameter to index.php, 2 parentid parameter to modules/Documents/versionlist.php, or 3 contactid parameter to modules/Documents/index.php...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO or the 2 option, 3 Itemid, 4 id, 5 task, 6 bid, and 7 contactid parameters. NOTE: the error might be located in...