CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the userid parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php...

7.5CVSS8.4AI score0.05965EPSS

Exploits1References6

Prion•added 2014/10/26 8:55 p.m.•12 views

Sql injection

7.5CVSS9.1AI score0.05965EPSS

Exploits1References6Affected Software1

Cvelist•added 2014/10/26 8:0 p.m.•20 views

CVE-2014-5520

8.4AI score0.05965EPSS

Exploits1References6

CVE•added 2014/10/26 8:0 p.m.•37 views

CVE-2014-5520

CVE-2014-5520 concerns XRMS CRM (likely version 1.99.2) with an SQL injection in the user_id parameter of plugins/webform/new-form.php, not properly sanitized by plugins/useradmin/fingeruser.php. The vulnerability allows remote attackers to execute arbitrary SQL commands, per the NVD entry. The p...

7.5CVSS8.7AI score0.05965EPSS

Exploits1References6Affected Software1

NVD•added 2014/09/02 2:55 p.m.•8 views

CVE-2014-5521

plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter...

6.5CVSS7.4AI score0.08516EPSS

Exploits1References5

Prion•added 2014/09/02 2:55 p.m.•6 views

Code injection

plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter...

6.5CVSS8AI score0.08516EPSS

Exploits1References5Affected Software1

Cvelist•added 2014/09/02 2:0 p.m.•16 views

CVE-2014-5521

plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter...

7.4AI score0.08516EPSS

Exploits1References5

CVE•added 2014/09/02 2:0 p.m.•41 views

CVE-2014-5521

XRMS CRM (plugin path plugins/useradmin/fingeruser.php) is affected by CVE-2014-5521. The vulnerability allows remote authenticated users to execute arbitrary code through shell metacharacters in the username parameter, due to insufficient input validation in fingeruser.php (likely in XRMS CRM 1....

6.5CVSS7.7AI score0.08516EPSS

Exploits1References5Affected Software1

Exploit DB•added 2014/08/28 12:0 a.m.•23 views

XRms - Blind SQL Injection / Command Execution

XRMS Blind SQLi via $SESSION poisoning, then command exec import urllib import urllib2 import time import sys usercharac = 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','@','.','','-','1','2','3','4','5','6','7','8','9','0' userascii = 97,...

7.4AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•17 views

XRMS 1.99.2 login.php target Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/31008/info XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•13 views

XRMS 1.99.2 - activities/some.php title Parameter XSS

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•14 views

XRMS 1.99.2 campaigns/some.php campaign_title Parameter XSS

7.1AI score

Exploits0

Rows per page