CVE-2015-1585

Name of the Vulnerable Software and Affected Versions Fat Free CRM versions prior to 0.13.6

Description The issue allows remote attackers to conduct cross-site request forgery (CSRF) attacks. This can be achieved by sending a request without the authenticity token, for example, via a crafted HTML page. Such an attack can result in creating a new administrator account.

Recommendations For versions prior to 0.13.6, update to version 0.13.6 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures to prevent unauthorized requests.