CVE-2014-5520
CVE-2014-5520 concerns XRMS CRM (likely version 1.99.2) with an SQL injection in the user_id parameter of plugins/webform/new-form.php, not properly sanitized by plugins/useradmin/fingeruser.php. The vulnerability allows remote attackers to execute arbitrary SQL commands, per the NVD entry. The p...