CVE-2014-5520

xrms_crm - SQL Injection via user_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5520. PoCs published by Benjamin Harris.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection via $_SESSION poisoning in XRMS, followed by command execution. It extracts admin credentials through time-based SQLi and then leverages session manipulation to achieve RCE.

Description

SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.

Exploits (1)

exploitdb WORKING POC

by Benjamin Harris · pythonwebappsphp

https://www.exploit-db.com/exploits/34452

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection via $_SESSION poisoning in XRMS, followed by command execution. It extracts admin credentials through time-based SQLi and then leverages session manipulation to achieve RCE.

Classification

Working Poc 95%

Attack Type

Sqli | Rce

Complexity

Moderate

Reliability

Reliable

Target: XRMS (version not specified)

No auth needed

Prerequisites: Target must be running vulnerable XRMS instance · Network access to the target

MITRE ATT&CK