CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |

EPSS percentile: 73.4%

Fat Free CRM contains a flaw that may allow carrying out an SQL injection
attack. The issue is due to the app/controllers/home_controller.rb script
not properly sanitizing user-supplied input to the ‘state’ parameter or
input passed via comments and emails. This may allow a remote attacker to
inject or manipulate SQL queries in the back-end database, allowing for
the manipulation or disclosure of arbitrary data.

Vendor | Product | Version | CPE |
---|---|---|---|
ruby | fat_free_crm | * | cpe:2.3:a:ruby:fat_free_crm:*:*:*:*:*:*:*:* |