Vulnerability Database

315,363

Total vulnerabilities in the database

CVE-2014-5521

plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.

  • Published: Sep 2, 2014
  • Updated: Nov 9, 2025
  • CVE: CVE-2014-5521
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
xrms_crm_project / xrms_crm 1.99.2 1.99.2.x