Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2014-5520
- EPSS 7.44%
- Published 26.10.2014 20:55:03
- Last modified 12.04.2025 10:46:40
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
6.5
CVE-2014-5521
- EPSS 9.79%
- Published 02.09.2014 14:55:03
- Last modified 12.04.2025 10:46:40
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
1