3 matches found
Fat Free CRM vulnerable to Exposure of Sensitive Information
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224...
Design/Logic Flaw
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224...
CVE-2013-7224
Fat Free CRM before 0.12.1 is vulnerable due to unrestricted JSON serialization, allowing remote attackers to obtain sensitive information via a direct request (e.g., /users/1.json). This is supported by multiple sources in connected documents. The issue has a confirmed fix; upgrading to 0.12.1 (...