Fat Free CRM

5 matches found

CVE, added 2022/10/08 1:15 a.m., 79 views

CVE-2022-39281

fat_free_crm is an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit c85a254 and will be a...

CVSS 6.5, AI score 6.3, EPSS 0.02489
CVE, added 2015/02/19 3:59 p.m., 60 views

CVE-2015-1585

Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account.

CVSS 6.8, AI score 6.5, EPSS 0.00283
CVE, added 2019/08/20 1:15 p.m., 60 views

CVE-2018-20975

Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.

CVSS 6.1, AI score 5.9, EPSS 0.00301
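The entry above only says that a view helper was the XSS sink. The pattern behind that bug class is a helper that interpolates a user-controlled value (here, a tag name) straight into markup. The following is an added illustration, not code from Fat Free CRM's tags_helper.rb or from the fixing commit: a stand-in helper in plain Ruby, with the vulnerable form next to a hardened one that escapes the value for each context it lands in using the standard library's ERB::Util. Helper and method names are invented for the example.

```ruby
require "erb"

# Example stand-in for a tag-link helper (hypothetical, not Fat Free CRM's code).
module TagsHelperExample
  # Vulnerable: the tag name is dropped into the HTML body and into an
  # attribute unchanged, so a tag named '<script>...' renders as live markup.
  def self.tag_link_vulnerable(name)
    "<a class=\"tag\" href=\"/tags/#{name}\">#{name}</a>"
  end

  # Hardened: escape per output context.
  #   - HTML body text / attribute value: html_escape (<, >, &, ", ')
  #   - URL path segment: url_encode, then html_escape again because the
  #     encoded URL is itself placed inside an HTML attribute.
  def self.tag_link(name)
    label = ERB::Util.html_escape(name)
    href  = "/tags/" + ERB::Util.url_encode(name)
    "<a class=\"tag\" href=\"#{ERB::Util.html_escape(href)}\">#{label}</a>"
  end

  # Constructed sample input: a tag name chosen by an attacker.
  SAMPLE = "<script>alert(1)</script>".freeze

  def self.demo
    {
      vulnerable: tag_link_vulnerable(SAMPLE),
      hardened:   tag_link(SAMPLE),
    }
  end
end

puts TagsHelperExample.demo.inspect if __FILE__ == $PROGRAM_NAME
```

In a Rails view the same effect comes from building the element with `content_tag`/`link_to` and never calling `html_safe` on a string that contains user input; the stdlib escaping above is what those helpers do internally.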
CVE, added 2014/01/02 2:59 p.m., 43 views

CVE-2013-7225

Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature.

CVSS 6.5, AI score 8.3, EPSS 0.01147
CVE, added 2014/01/02 2:59 p.m., 41 views

CVE-2013-7223

Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_controller.rb.

CVSS 6.8, AI score 7.4, EPSS 0.00522
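Two of the entries on this page (CVE-2013-7223 and CVE-2015-1585) are the same bug class: a state-changing request is accepted without a valid authenticity_token. In Rails that check is enabled by `protect_from_forgery with: :exception` in ApplicationController; with `:exception`, a failed check raises `ActionController::InvalidAuthenticityToken` and the action never runs. The 2015 entry is the subtler case: a check that is present but only compares a token when one was supplied is defeated by simply omitting the field. The block below is an added example, not Fat Free CRM's or Rails' own code; it is a minimal plain-Ruby stand-in for the per-session token check, with the "missing token is accepted" mistake next to the correct form. Module and method names and the session/params hashes are assumptions of the example, and it ignores the token masking and the X-CSRF-Token header that real Rails also handles.

```ruby
require "securerandom"

# Hypothetical stand-in for Rails' authenticity-token verification.
module CsrfGuard
  TOKEN_BYTES = 32

  # Issue one random token per session and keep it server-side.
  # The HTML form embeds it as the hidden field "authenticity_token".
  def self.issue_token(session)
    session[:_csrf_token] ||= SecureRandom.base64(TOKEN_BYTES)
  end

  # Vulnerable: compares only when a token was sent. A cross-site form
  # that leaves the field out entirely is accepted, which is the
  # "request without the authenticity_token" case from CVE-2015-1585.
  def self.valid_request_vulnerable?(session, params)
    supplied = params["authenticity_token"]
    return true if supplied.nil?               # BUG: absent token passes
    secure_compare(supplied, session[:_csrf_token].to_s)
  end

  # Hardened: absent, unset or mismatched token is rejected.
  def self.valid_request?(session, params)
    expected = session[:_csrf_token]
    supplied = params["authenticity_token"]
    return false if expected.nil? || supplied.nil?
    secure_compare(supplied, expected)
  end

  # Constant-time comparison so the token can't be recovered byte by byte
  # through timing differences.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Constructed demo: a legitimate submission vs. a forged cross-site one.
  # The attacker's page cannot read the victim's token, so the forged
  # request can only omit it (or guess it).
  def self.demo
    session = {}
    token  = issue_token(session)
    legit  = { "authenticity_token" => token, "user[admin]" => "1" }
    forged = { "user[admin]" => "1" }
    {
      vulnerable_accepts_forged: valid_request_vulnerable?(session, forged),
      hardened_accepts_forged:   valid_request?(session, forged),
      hardened_accepts_legit:    valid_request?(session, legit),
    }
  end
end

puts CsrfGuard.demo.inspect if __FILE__ == $PROGRAM_NAME
```

A quick regression check for the 2015-style bug is therefore a POST to an admin-creating route with the authenticity_token field stripped out: a correctly protected application answers 422 (or redirects after resetting the session, depending on the `with:` option) rather than creating the account.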