Shodan
Vulnerabilities
Vulnerable Software
Fatfreecrm:  >> Fat Free Crm  >> 0.10.1  Security Vulnerabilities
CVE-2018-20975
Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-08-20
CVE-2015-1585
Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account.
CVSS Score
6.8
EPSS Score
0.003
Published
2015-02-19
CVE-2014-5441
Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-09-12
CVE-2013-7222
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.
CVSS Score
5.0
EPSS Score
0.009
Published
2014-01-02
CVE-2013-7223
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_controller.rb.
CVSS Score
6.8
EPSS Score
0.005
Published
2014-01-02
CVE-2013-7224
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
CVSS Score
5.0
EPSS Score
0.006
Published
2014-01-02
CVE-2013-7225
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature.
CVSS Score
6.5
EPSS Score
0.011
Published
2014-01-02
CVE-2013-7249
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224.
CVSS Score
5.0
EPSS Score
0.007
Published
2014-01-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved