Fatfreecrm : Security Vulnerabilities, CVEs, Published In 2014 (Information Leak)
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224.
Max CVSS
5.0
EPSS Score
0.90%
Published
2014-01-02
Updated
2014-01-03
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
Max CVSS
5.0
EPSS Score
0.59%
Published
2014-01-02
Updated
2014-01-03
2 vulnerabilities found