CVEDB API

Vulnerabilities

Vulnerable Software

Xrms: >> Xrms Crm >> 1.99.2 Security Vulnerabilities

CVE-2008-3948

SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.004

Published

2008-09-05

CVE-2008-3398

Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.

CVSS Score

2.6

EPSS Score

0.038

Published

2008-07-31

CVE-2008-3399

PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.

CVSS Score

6.8

EPSS Score

0.009

Published

2008-07-31

CVE-2008-3400

XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.

CVSS Score

4.3

EPSS Score

0.027

Published

2008-07-31

Page 1

Vulnerabilities

Vulnerable Software

Xrms: >> Xrms Crm >> 1.99.2 Security Vulnerabilities

Products

Pricing

Contact Us