2 matches found
Code injection
config/initializers/secrettoken.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secrettoken value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...
CVE-2013-7222
config/initializers/secrettoken.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secrettoken value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...