Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fatfreecrm fat free crm 0.9.9 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2013-7222
config/initializers/secret_token.rb in Fat Free CRM prior to 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote malicious users to spoof signed cookies by referring to the key in the source code.
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.9.9
Fatfreecrm Fat Free Crm 0.9.7
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.11.0
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm 0.9.6
6.8
CVSSv2
CVE-2013-7223
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM prior to 0.12.1 allow remote malicious users to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_contr...
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.11.0
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm 0.9.9
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm 0.9.7
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.6
5
CVSSv2
CVE-2013-7224
Fat Free CRM prior to 0.12.1 does not restrict JSON serialization, which allows remote malicious users to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm 0.9.6
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.11.0
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.9.9
Fatfreecrm Fat Free Crm 0.9.7
6.5
CVSSv2
CVE-2013-7225
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM prior to 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature.
Fatfreecrm Fat Free Crm 0.11.0
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm 0.9.7
Fatfreecrm Fat Free Crm 0.9.6
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.9
5
CVSSv2
CVE-2013-7249
Fat Free CRM prior to 0.12.1 does not restrict XML serialization, which allows remote malicious users to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224.
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm 0.9.9
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.9.6
Fatfreecrm Fat Free Crm 0.9.7
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started