Vulnerabilities > Xrms CRM Project

DATE	CVE	VULNERABILITY TITLE	RISK
2014-10-26	CVE-2014-5520	SQL Injection vulnerability in Xrms CRM Project Xrms CRM 1.99.2 SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php. network low complexity xrms-crm-project CWE-89	7.5
2014-09-02	CVE-2014-5521	SQL Injection vulnerability in Xrms CRM Project Xrms CRM 1.99.2 plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. network low complexity xrms-crm-project CWE-89	6.5

Vulnerabilities > Xrms CRM Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Xrms CRM Project"}]}