9 matches found
Denial Of Service (DoS)
fatfreecrm is vulnerable to denial of service. The vulnerability exists in bucketempty function of task.rb due to incomplete return statements which allows an attacker to remotely cause an application crash...
CVE-2022-39281 Remote Denial of Service via Tasks endpoint in fat_free_crm
fatfreecrm is a an open source, Ruby on Rails customer relationship management platform CRM. In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit c85a254 and will be...
CVE-2022-39281 Remote Denial of Service via Tasks endpoint in fat_free_crm
fatfreecrm is a an open source, Ruby on Rails customer relationship management platform CRM. In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit c85a254 and will be...
CVE-2022-39281
CVE-2022-39281 affects fat_free_crm before 0.20.1. An authenticated user can trigger a remote Denial of Service via the bucket access in the Tasks endpoint, caused by the Task model’s bucket_empty? logic. The issue has been fixed in commit c85a254 and will be released in 0.20.1; patching is recom...
CVE-2022-39281 Remote Denial of Service via Tasks endpoint in fat_free_crm
fatfreecrm is a an open source, Ruby on Rails customer relationship management platform CRM. In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit c85a254 and will be...
Cross-site Scripting (XSS)
fatfreecrm is vulnerable to cross-site scripting XSS. The vulnerability exists because it does not escape the string entered for query in app/helpers/tagshelper.rb, allowing an attacker to inject arbitrary script through it...
Cross-site Scripting (XSS)
fatfreecrm is vulnerable to cross-site scripting XSS. The vulnerability exists through query in app/helpers/tagshelper.rb...
Information Leakage Via Error Pages
fatfreecrm is vulnerable to information leakage via error pages. The vulnerability is possible because considerallrequestslocal is set to true by default in production mode, exposing the server setup information in 404 and 500 error pages...
Unauthorised New User Signup
fatfreecrm is susceptible to unauthorised new user signup. The vulnerability exists because userscontroller does not prevent creation of a new user signup using crafted POST request...