Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-01-02T11:00:00
Updated: 2024-08-06T18:01:20.098Z
Reserved: 2013-12-31T00:00:00
Link: CVE-2013-7249
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-01-02T14:59:04.190
Modified: 2014-01-03T16:57:31.603
Link: CVE-2013-7249
Redhat
No data.