Unrated severity · NVD Advisory · Published Oct 26, 2014 · Updated Jun 17, 2026
CVE-2014-5520
Description
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
References (6)
- packetstormsecurity.com/files/128030/XRMS-Blind-SQL-Injection-Command-Execution.html (nvd, Exploit)
- seclists.org/fulldisclosure/2014/Aug/78 (nvd, Exploit)
- www.exploit-db.com/exploits/34452 (nvd, Exploit)
- www.openwall.com/lists/oss-security/2014/08/27/4 (nvd, Exploit)
- www.securityfocus.com/bid/69446 (nvd, Exploit)
- www.openwall.com/lists/oss-security/2014/08/29/1 (nvd)