Vulnerabilities for 'Xrms crm'

2014-10-26
 
CVE-2014-5520

CWE-89
 

 
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.

 
2014-09-02
 
CVE-2014-5521

CWE-89
 

 
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.

 


Copyright 2024, cxsecurity.com

 
