CVE-2013-7223

Name of the Vulnerable Software and Affected Versions Fat Free CRM versions prior to 0.12.1

Description The issue is related to multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of victims via unknown vectors. The cause is linked to the lack of a protect from forgery line in the app/controllers/application controller.rb file.

Recommendations For versions prior to 0.12.1, update to version 0.12.1 or later to resolve the issue. As a temporary workaround, consider adding the protect from forgery line to the app/controllers/application controller.rb file to mitigate the risk of CSRF attacks.