2 matches found
CVE-2015-1585
Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery CSRF attacks via a request without the authenticitytoken, as demonstrated by a crafted HTML page that creates a new administrator account...
CVE-2015-1585
CVE-2015-1585 - Fat Free CRM CSRF vulnerability is confirmed in Fat Free CRM versions before 0.13.6. The issue stems from CSRF protection where the authenticity_token parameter is optional, allowing remote attackers to trigger state-changing actions (e.g., creating a new administrator account) vi...