Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-01-02T11:00:00
Updated: 2024-08-06T18:01:19.786Z
Reserved: 2013-12-28T00:00:00
Link: CVE-2013-7224
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-01-02T14:59:04.110
Modified: 2014-01-03T16:58:17.167
Link: CVE-2013-7224
Redhat
No data.