XRMS CRM vulnerabilities
4 known vulnerabilities affecting xrms/xrms_crm.
Total CVEs: 4
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2, LOW 1
Vulnerabilities
CVE-2008-3399 [MEDIUM] CWE-94 | P3 | CVSS 6.8 | PoC | v1.99.2 | 2008-07-31
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
nvd
CVE-2008-3400 [MEDIUM] CWE-200 | P4 | CVSS 4.3 | PoC | v1.99.2 | 2008-07-31
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
nvd
CVE-2008-3948 [HIGH] CWE-89 | P3 | CVSS 7.5 | v1.99.2 | 2008-09-05
SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.
nvd
CVE-2008-3398 [LOW] | P4 | CVSS 2.6 | PoC | v1.99.2 | 2008-07-31
Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.
nvd