Fat Free CRM prior to 0.12.1 does not restrict XML serialization, which allows remote malicious users to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fatfreecrm fat free crm 0.10.1 |
||
fatfreecrm fat free crm 0.9.10 |
||
fatfreecrm fat free crm 0.9.9 |
||
fatfreecrm fat free crm 0.9.8 |
||
fatfreecrm fat free crm |
||
fatfreecrm fat free crm 0.11.1 |
||
fatfreecrm fat free crm 0.9.6 |
||
fatfreecrm fat free crm 0.9.7 |
||
fatfreecrm fat free crm 0.11.2 |
||
fatfreecrm fat free crm 0.11.0 |