Vulnerability Details CVE-2013-7225
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.6%
CVSS Severity
CVSS v2 Score 6.5
References
- http://openwall.com/lists/oss-security/2013/12/28/2
- http://seclists.org/fulldisclosure/2013/Dec/199
- http://www.phenoelit.org/stuff/ffcrm.txt
- https://github.com/fatfreecrm/fat_free_crm/commit/078035f1ef73ed85285ac9d128c3c5f670cef066
- https://github.com/fatfreecrm/fat_free_crm/commit/d4b2de81a4d8c1b201482edcb2488ed9280a65fd
- https://github.com/fatfreecrm/fat_free_crm/issues/300
- https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29
- http://openwall.com/lists/oss-security/2013/12/28/2
- http://seclists.org/fulldisclosure/2013/Dec/199
- http://www.phenoelit.org/stuff/ffcrm.txt
- https://github.com/fatfreecrm/fat_free_crm/commit/078035f1ef73ed85285ac9d128c3c5f670cef066
- https://github.com/fatfreecrm/fat_free_crm/commit/d4b2de81a4d8c1b201482edcb2488ed9280a65fd
- https://github.com/fatfreecrm/fat_free_crm/issues/300
- https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29
Products affected by CVE-2013-7225
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.10.1
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.0
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.1
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.2
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.3
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.4
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.12.0
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.0
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.1
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.10
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.2
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.3
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.4
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.5
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.6
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.7
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.8
-
cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.9