Fatfreecrm : Security Vulnerabilities, CVEs, Published In 2014 (Information Leak)

CVE-2013-7249

Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224.
Max CVSS
5.0
EPSS Score
0.90%
Published
2014-01-02
Updated
2014-01-03

CVE-2013-7224

Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
Max CVSS
5.0
EPSS Score
0.59%
Published
2014-01-02
Updated
2014-01-03
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close