Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fatfreecrm fat free crm 0.11.0 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2013-7222
config/initializers/secret_token.rb in Fat Free CRM prior to 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote malicious users to spoof signed cookies by referring to the key in the source code.
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.9.9
Fatfreecrm Fat Free Crm 0.9.7
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.11.0
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm 0.9.6
578
VMScore
CVE-2013-7225
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM prior to 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature.
Fatfreecrm Fat Free Crm 0.11.0
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm 0.9.7
Fatfreecrm Fat Free Crm 0.9.6
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.9
605
VMScore
CVE-2013-7223
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM prior to 0.12.1 allow remote malicious users to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_contr...
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.11.0
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm 0.9.9
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm 0.9.7
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.6
445
VMScore
CVE-2013-7224
Fat Free CRM prior to 0.12.1 does not restrict JSON serialization, which allows remote malicious users to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm 0.9.6
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.11.0
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.9.9
Fatfreecrm Fat Free Crm 0.9.7
445
VMScore
CVE-2013-7249
Fat Free CRM prior to 0.12.1 does not restrict XML serialization, which allows remote malicious users to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224.
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm 0.9.9
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.9.6
Fatfreecrm Fat Free Crm 0.9.7
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.11.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started