Fat Free CRM prior to 0.12.1 does not restrict JSON serialization, which allows remote malicious users to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fatfreecrm fat free crm |
||
fatfreecrm fat free crm 0.9.8 |
||
fatfreecrm fat free crm 0.9.6 |
||
fatfreecrm fat free crm 0.11.1 |
||
fatfreecrm fat free crm 0.11.0 |
||
fatfreecrm fat free crm 0.10.1 |
||
fatfreecrm fat free crm 0.9.10 |
||
fatfreecrm fat free crm 0.11.2 |
||
fatfreecrm fat free crm 0.9.9 |
||
fatfreecrm fat free crm 0.9.7 |