PT-2014-3293 · Fat Free Crm · Fat Free Crm

Fgeeko

Published

2014-01-02

Updated

2022-05-17

CVE-2013-7224

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Fat Free CRM versions prior to 0.12.1

Description The issue allows remote attackers to obtain sensitive information via a direct request. This is demonstrated by a request for "users/1.json", which is an API endpoint that is vulnerable due to unrestricted JSON serialization.

Recommendations For versions prior to 0.12.1, update to version 0.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "users/1.json" API endpoint until a patch is available. Avoid using the users/1.json endpoint in untrusted environments to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2013-7224

GHSA-4XQ9-VW89-P5CX

Affected Products

Fat Free Crm

PT-2014-3293 · Fat Free Crm · Fat Free Crm

CVE-2013-7224

Weakness Enumeration

Related Identifiers

Affected Products

References · 9