CVE-2014-5520
Published 2014-10-26
Priority: P3 (48) · Severity: high · CVSS 2.0: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.56% (83.1th percentile)
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xrms_crm_project | xrms_crm | — | — |
GHSA
GHSA-4mm8-64vx-2c9r (ghsa_unreviewed · 2022-05-17) · CVE-2014-5520 [HIGH] · CWE-89
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
Kernel
CVE-2014-8480 [MEDIUM] (kernel_security · 2015-01-27 · CVSS 4.9)
Merge tag 'v3.19-rc6' into patchwork
This is needed in order to get the media fixes applied on -rc6.
Linux 3.19-rc6
* tag 'v3.19-rc6': (891 commits)
  Linux 3.19-rc6
  dm: fix handling of multiple internal suspends
  hwmon: (i5500_temp) Convert to use ATTRIBUTE_GROUPS macro
  hwmon: (i5500_temp) Convert to module_pci_driver
  hwmon: (i5500_temp) Don't bind to disabled sensors
  hwmon: (i5500_temp) Convert to devm_hwmon_device_register_with_groups
  hwmon: (i5500_temp) New driver for the Intel 5500/5520/X58 chipsets
  arm64: dts: add baud rate to Juno stdout-path
  Revert "platform: x86: dell-laptop: Add support for keyboard backlight"
  Revert "Documentation: Add entry for dell-laptop sysfs interface"
  dm cache: fix problematic dual use of a single migration count variable
  dm cache: share cache-metadata obj
No detection rules found.
No writeups or analysis indexed.
References
http://packetstormsecurity.com/files/128030/XRMS-Blind-SQL-Injection-Command-Execution.html
http://seclists.org/fulldisclosure/2014/Aug/78
http://www.exploit-db.com/exploits/34452
http://www.openwall.com/lists/oss-security/2014/08/27/4
http://www.openwall.com/lists/oss-security/2014/08/29/1
http://www.securityfocus.com/bid/69446
Published: 2014-10-26