oss-sec mailing list archives

XRMS SQLi to RCE 0day


From: "Benjamin Harris" <bch () hush ai>
Date: Wed, 27 Aug 2014 23:14:31 +0100

Hi

OSS-Security: Can I request a CVE for this please?

XRMS Description:
----------------------

The most advanced open source customer relationship management 
(CRM), Sales Force Automation (SFA) suite: also features business 
intelligence (BI) tools, Computer Telephony Integration (CTI), and 
advanced plugin architecture. PHP/ADOdb/LAMP

Brief:
-------------------------------

I tried to report this to the developers/get it fixed a month ago, 
although I've had no response from the developers. This should work 
against latest, was found a long time ago, and I recently found it 
while brushing off some hard drives.

Details:
------------------------

We get SQL injection via $_SESSION poisoning which we use to 
retrieve admin credentials. We then authenticate with these 
credentials and exploit a trivial command injection. Attached is a 
working POC.

Many thanks,
Ben

Attachment: release.py
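The two defect classes named in the post, a session value that is really attacker-controlled ending up in a SQL string, and a command built from user input, are illustrated below in an added example. This is not XRMS code and not the attached PoC; the table names, column allow-list, `export_report_*` functions and the ADOdb include path are hypothetical, and only the ADOdb `Execute($sql, $params)` binding style is real.

```php
<?php
// Added illustration of the bug classes described in the post; not XRMS code.
// Table/column names and function names are hypothetical.

require_once 'adodb/adodb.inc.php';   // ADOdb library (assumed install path)

// --- Step 1: where session state becomes attacker-controlled ---
// Copying a request parameter into $_SESSION without validation makes every
// later "the session is trusted" assumption false ("$_SESSION poisoning").
function set_sort_column_unsafe(array $request): void {
    $_SESSION['sort_column'] = $request['sort'] ?? 'last_name';
}

// Hardened: only allow-listed identifiers may enter the session at all.
function set_sort_column_safe(array $request): void {
    $allowed   = ['last_name', 'first_name', 'company'];
    $candidate = $request['sort'] ?? 'last_name';
    $_SESSION['sort_column'] = in_array($candidate, $allowed, true) ? $candidate : 'last_name';
}

// --- Step 2: the query that trusts the session ---
// Vulnerable: session-derived string concatenated straight into SQL.
function find_contacts_unsafe($db, int $company_id) {
    $sql = "SELECT contact_id, last_name FROM contacts WHERE company_id = $company_id"
         . " ORDER BY " . $_SESSION['sort_column'];
    return $db->Execute($sql);
}

// Hardened: data values are bound with '?' placeholders via ADOdb's
// Execute($sql, $params); the ORDER BY identifier, which cannot be bound,
// is re-checked against the allow-list at the point of use as well.
function find_contacts_safe($db, int $company_id) {
    $allowed = ['last_name', 'first_name', 'company'];
    $col = in_array($_SESSION['sort_column'] ?? '', $allowed, true)
         ? $_SESSION['sort_column'] : 'last_name';
    $sql = "SELECT contact_id, last_name FROM contacts WHERE company_id = ? ORDER BY $col";
    return $db->Execute($sql, [$company_id]);
}

// --- Step 3: the post-authentication command injection class ---
// Vulnerable: a user-supplied report name is interpolated into a shell line.
function export_report_unsafe(string $report_name): string {
    return (string) shell_exec("/usr/bin/report-tool --name " . $report_name);
}

// Hardened: validate the value against a strict pattern, then quote it with
// escapeshellarg() so the shell sees exactly one argument.
function export_report_safe(string $report_name): string {
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $report_name)) {
        throw new InvalidArgumentException('invalid report name');
    }
    return (string) shell_exec("/usr/bin/report-tool --name " . escapeshellarg($report_name));
}
```

The point of checking at both step 1 and step 2 is that the session is shared state: another code path may populate `sort_column` without validation, so the consumer must not rely on the producer having been careful. Binding parameters also removes the need to reason about which values are "safe" to concatenate, which is the assumption that fails in the original bug.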