config/initializers/secret_token.rb in Fat Free CRM prior to 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote malicious users to spoof signed cookies by referring to the key in the source code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fatfreecrm fat free crm 0.11.2 |
||
fatfreecrm fat free crm 0.9.9 |
||
fatfreecrm fat free crm 0.9.7 |
||
fatfreecrm fat free crm 0.11.1 |
||
fatfreecrm fat free crm 0.11.0 |
||
fatfreecrm fat free crm 0.10.1 |
||
fatfreecrm fat free crm 0.9.10 |
||
fatfreecrm fat free crm |
||
fatfreecrm fat free crm 0.9.8 |
||
fatfreecrm fat free crm 0.9.6 |