Xrms Crm Project Xrms Crm vulnerabilities
2 known vulnerabilities affecting xrms_crm_project/xrms_crm.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2014-5521P3MEDIUMCVSS 6.5PoCv1.99.22014-09-02
CVE-2014-5521 [MEDIUM] CWE-89 CVE-2014-5521: plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
nvd
CVE-2014-5520P3HIGHCVSS 7.5PoCv1.99.22014-10-26
CVE-2014-5520 [HIGH] CWE-89 CVE-2014-5520: SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitra
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
nvd