CVE-2011-5213
Description
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or, if you've already worked around this in production, publish your fix to the community-verified tier.
Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
BrowserCRM 5.100.1 - 'contact_id' SQL Injection
BrowserCRM 5.100.1 - 'parent_id' SQL Injection
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| browsercrm | browsercrm | <= 5.100.01 | |
| browsercrm | browsercrm | 4.604.01 | |
| browsercrm | browsercrm | 4.605.00 | |
| browsercrm | browsercrm | 4.607.00 | |
| browsercrm | browsercrm | 4.610.00 | |
| browsercrm | browsercrm | 4.611.01 | |
| browsercrm | browsercrm | 4.612.00 | |
| browsercrm | browsercrm | 4.614.00 | |
| browsercrm | browsercrm | 4.615.10 | |
| browsercrm | browsercrm | 4.615.11 | |
| browsercrm | browsercrm | 4.616.00 | |
| browsercrm | browsercrm | 4.617.00 | |
| browsercrm | browsercrm | 4.619.00 | |
| browsercrm | browsercrm | 4.620.01 | |
| browsercrm | browsercrm | 4.622.00 | |
| browsercrm | browsercrm | 4.624.00 | |
| browsercrm | browsercrm | 4.624.01 | |
| browsercrm | browsercrm | 4.624.50 | |
| browsercrm | browsercrm | 4.624.60 | |
| browsercrm | browsercrm | 4.624.70 | |
| browsercrm | browsercrm | 4.624.80 | |
| browsercrm | browsercrm | 4.624.90 | |
| browsercrm | browsercrm | 4.691.01 | |
| browsercrm | browsercrm | 4.999.20 | |
| browsercrm | browsercrm | 5.000.00 | |
| browsercrm | browsercrm | 5.000.01 | |
| browsercrm | browsercrm | 5.001.00 | |
| browsercrm | browsercrm | 5.002.00 | |
| browsercrm | browsercrm | 5.100.00 | |
References
- http://osvdb.org/77733
- http://osvdb.org/77734
- http://osvdb.org/77735
- http://secunia.com/advisories/47217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71828
- https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html
CWEs
CWE-89