Skip to main content

Fat Free Crm

8 CVEs product

Monthly

CVE-2019-10226 MEDIUM POC This Month

HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fat Free Crm
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
4.7%
CVE-2015-1585 Ruby MEDIUM POC PATCH This Month

Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Fat Free Crm
NVD GitHub
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-5441 Ruby MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Fat Free Crm
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7249 Ruby MEDIUM POC PATCH This Month

Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fat Free Crm
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-7225 Ruby MEDIUM POC PATCH This Month

Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Fat Free Crm
NVD GitHub
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-7224 Ruby MEDIUM POC PATCH This Month

Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fat Free Crm
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-7223 Ruby MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Fat Free Crm
NVD GitHub
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-7222 Ruby MEDIUM POC PATCH This Month

config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fat Free Crm
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
EPSS 5% CVSS 5.4
MEDIUM POC This Month

HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fat Free Crm
NVD GitHub Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC PATCH This Month

Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Fat Free Crm
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Fat Free Crm
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fat Free Crm
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Fat Free Crm
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fat Free Crm
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Fat Free Crm
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fat Free Crm
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy