CVE-2011-5213
Published 2012-10-25
Priority: P3 · 48 · high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.45% (82.4th percentile)
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| browsercrm | browsercrm | <= 5.100.01 | — |
No detection rules found.
Exploit-DB
BrowserCRM 5.100.1 - 'contact_id' SQL Injection
exploitdb·2011-12-14
---
source: https://www.securityfocus.com/bid/51060/info
Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Browser CRM 5.100.01 is vulnerable; prior versions may also be affected.
http://www.example.com/modules/Documents/index.php?id=1&contact_id=1%27%20OR%20%271%27=%271
Exploit-DB
BrowserCRM 5.100.1 - 'parent_id' SQL Injection
exploitdb·2011-12-14
---
source: https://www.securityfocus.com/bid/51060/info
Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Browser CRM 5.100.01 is vulnerable; prior versions may also be affected.
http://www.example.com/modules/Documents/version_list.php?parent_id=1%20AND%201=2%20--%202
No writeups or analysis indexed.
References
http://osvdb.org/77733
http://osvdb.org/77734
http://osvdb.org/77735
http://secunia.com/advisories/47217
https://exchange.xforce.ibmcloud.com/vulnerabilities/71828
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html