vendor: Browser CRM
by:
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection), 79 (Cross-Site Scripting)
Product Name: Browser CRM
Affected Version From: 5.100.01
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple SQL Injection and Cross-Site Scripting Vulnerabilities in Browser CRM

The Browser CRM application is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

To mitigate these vulnerabilities, validate and sanitize all user-supplied data before it is used. Parameterized queries or prepared statements help prevent SQL injection attacks. Regular security audits and updates should also be performed to address any potential vulnerabilities.
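
The difference between a concatenated query and a bound parameter, using the contact_id value from the request URL in the Exploit-DB raw data on this page. This is an added example, not Browser CRM code: the in-memory SQLite schema, the table and column names, both function names, and the way the vulnerable query quotes the value are assumptions.

```php
<?php
// Added illustration; schema, table and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE documents (id INTEGER PRIMARY KEY, contact_id INTEGER, title TEXT)');
// Constructed sample rows belonging to three different contacts.
$pdo->exec("INSERT INTO documents (contact_id, title) VALUES
    (1, 'Quote for contact 1'), (2, 'Contract for contact 2'), (3, 'Invoice for contact 3')");

// Vulnerable pattern: the request value becomes part of the SQL text.
function documentsConcatenated(PDO $pdo, string $contactId): array
{
    $sql = "SELECT title FROM documents WHERE contact_id = '" . $contactId . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: validate the type, then bind the value as a parameter.
function documentsParameterized(PDO $pdo, string $contactId): array
{
    $id = filter_var($contactId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('contact_id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT title FROM documents WHERE contact_id = :contact_id');
    $stmt->bindValue(':contact_id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Decoded contact_id value taken from the URL on this page.
$fromPage = urldecode('1%27%20OR%20%271%27=%271');

// Concatenation lets the value rewrite the WHERE clause, so every contact's rows match.
echo count(documentsConcatenated($pdo, $fromPage)), " row(s) via concatenation\n";
// A legitimate id returns only that contact's rows.
echo count(documentsParameterized($pdo, '1')), " row(s) via bound parameter\n";
// The same value from the page is rejected before any SQL is executed.
try {
    documentsParameterized($pdo, $fromPage);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Even without the integer check, the bound parameter alone would keep the value out of the SQL text; the check adds an early, explicit rejection that can be logged.
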
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/51060/info
 
Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. 

http://www.example.com/modules/Documents/index.php?id=1&contact_id=1%27%20OR%20%271%27=%271