CVE-2011-5213

BrowserCRM < 5.100.01 - SQL Injection via login[username] or parent_id or contact_id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-5213. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in Browser CRM 5.100.01, including an example SQLi payload. However, it lacks executable exploit code, making it a vulnerability writeup rather than a functional PoC.

Description

Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/36448

The provided text describes SQL injection and XSS vulnerabilities in Browser CRM 5.100.01, including an example SQLi payload. However, it lacks executable exploit code, making it a vulnerability writeup rather than a functional PoC.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Browser CRM 5.100.01
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/36449

The provided text describes SQL injection and XSS vulnerabilities in Browser CRM 5.100.01 due to insufficient input sanitization. It includes a sample SQLi payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Browser CRM 5.100.01
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/77733
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71828
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47217
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/77734
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/77735

Scores

EPSS 0.0245
EPSS Percentile 82.3%

Details

CWE
CWE-89
Status published
Products (29)
browsercrm/browsercrm 4.604.01
browsercrm/browsercrm 4.605.00
browsercrm/browsercrm 4.607.00
browsercrm/browsercrm 4.610.00
browsercrm/browsercrm 4.611.01
browsercrm/browsercrm 4.612.00
browsercrm/browsercrm 4.614.00
browsercrm/browsercrm 4.615.10
browsercrm/browsercrm 4.615.11
browsercrm/browsercrm 4.616.00
... and 19 more
Published Oct 25, 2012
Tracked Since Feb 18, 2026