CVE-2013-7223

medium

Published 2013-12-24 · Modified 2024-12-03

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Fat Free CRM contains Cross-site Request Forgery vulnerablilities

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/fatfreecrm/fat_free_crm/commit/a7fedbb36388bad0c0f32b2346481e0ea126dea6

Ecosystem	Package	Vulnerable	Fixed
RubyGems	fat_free_crm	`<>= 0.13.0`	`>= 0.13.0`
RubyGems	fat_free_crm	`<0.12.1`	`0.12.1`

Vendor	Product	Versions
fatfreecrm	fat_free_crm	`{"endIncluding":"0.12.0"}`
fatfreecrm	fat_free_crm	`0.9.6`
fatfreecrm	fat_free_crm	`0.9.7`
fatfreecrm	fat_free_crm	`0.9.8`
fatfreecrm	fat_free_crm	`0.9.9`
fatfreecrm	fat_free_crm	`0.9.10`
fatfreecrm	fat_free_crm	`0.10.1`
fatfreecrm	fat_free_crm	`0.11.0`
fatfreecrm	fat_free_crm	`0.11.1`
fatfreecrm	fat_free_crm	`0.11.2`

CWE-352

Verify integrity in audit chain (admin only). AS-IS.