CVE-2013-7249 – fat_free_crm
Package
Manager: gem
Name: fat_free_crm
Vulnerable Version: >=0 <0.12.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00667 (percentile: 0.70378)
Details
Title: Fat Free CRM vulnerable to Exposure of Sensitive Information
Description: Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for `users/1.xml`. This is a different vulnerability than CVE-2013-7224.
Metadata
Created: 2022-05-17T04:55:27Z
Modified: 2023-01-23T14:44:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f25h-3mj6-4jpg/GHSA-f25h-3mj6-4jpg.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-f25h-3mj6-4jpg
Finding: F038
Auto approve: 1