CVE-2013-7224

Name of the Vulnerable Software and Affected Versions Fat Free CRM versions prior to 0.12.1

Description The issue allows remote attackers to obtain sensitive information via a direct request. This is demonstrated by a request for "users/1.json", which is an API endpoint that is vulnerable due to unrestricted JSON serialization.

Recommendations For versions prior to 0.12.1, update to version 0.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "users/1.json" API endpoint until a patch is available. Avoid using the users/1.json endpoint in untrusted environments to minimize the risk of exploitation.