CVE-2013-7223
Published 2014-01-02
CVE-2013-7223: Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified…
Priority: P4 27, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.20% (64.3th percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_controller.rb.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fatfreecrm | fat_free_crm | <= 0.12.0 | — |
| fatfreecrm | fat_free_crm | — | — |
| fatfreecrm | fat_free_crm | — | — |
| fatfreecrm | fat_free_crm | — | — |
| fatfreecrm | fat_free_crm | — | — |
| fatfreecrm | fat_free_crm | — | — |
| fatfreecrm | fat_free_crm | — | — |
| fatfreecrm | fat_free_crm | — | — |
| fatfreecrm | fat_free_crm | — | — |
| fatfreecrm | fat_free_crm | — | — |
| fatfreecrm | fat_free_crm | >= 0 < 0.12.1 | 0.12.1 |
GHSA
Fat Free CRM contains Cross-site Request Forgery vulnerabilities
ghsa·2022-05-17
CVE-2013-7223 [MEDIUM] CWE-352
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a `protect_from_forgery` line in `app/controllers/application_controller.rb`.
OSV
Fat Free CRM contains Cross-site Request Forgery vulnerabilities
osv·2022-05-17
CVE-2013-7223 [MEDIUM]
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a `protect_from_forgery` line in `app/controllers/application_controller.rb`.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://openwall.com/lists/oss-security/2013/12/28/2
http://seclists.org/fulldisclosure/2013/Dec/199
http://www.phenoelit.org/stuff/ffcrm.txt
https://github.com/fatfreecrm/fat_free_crm/commit/a7fedbb36388bad0c0f32b2346481e0ea126dea6
https://github.com/fatfreecrm/fat_free_crm/issues/300
https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29