CVE-2013-7224
Published 2014-01-02
Priority: P4 · CVSS 2.0: 5 (medium) · Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 2.53% (82.9th percentile)
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fatfreecrm | fat_free_crm | <= 0.12.0 | — |
| fatfreecrm | fat_free_crm | >= 0 < 0.12.1 | 0.12.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| ghsa | — | 5.0 | MEDIUM | — |
| osv | — | 5.0 | MEDIUM | — |
GHSA · 2022-05-17
CVE-2013-7224 [MEDIUM] CWE-200: Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for `users/1.json`.

OSV · 2022-05-17
CVE-2013-7224 [MEDIUM]: Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for `users/1.json`.

OSV · 2022-05-17 · CVSS 5.0
CVE-2013-7249 [MEDIUM]: Fat Free CRM vulnerable to Exposure of Sensitive Information
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for `users/1.xml`, a different vulnerability than CVE-2013-7224.

GHSA · 2022-05-17 · CVSS 5.0
CVE-2013-7249 [MEDIUM] CWE-200: Fat Free CRM vulnerable to Exposure of Sensitive Information
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for `users/1.xml`, a different vulnerability than CVE-2013-7224.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://openwall.com/lists/oss-security/2013/12/28/2
- http://seclists.org/fulldisclosure/2013/Dec/199
- http://www.phenoelit.org/stuff/ffcrm.txt
- https://github.com/fatfreecrm/fat_free_crm/commit/cf26a04b356ad2161c4c6160260eb870a3de5328
- https://github.com/fatfreecrm/fat_free_crm/issues/300
- https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29