VIR Vulnerability Intelligence Relay

CVE-2013-7224

medium
Published 2013-12-24 · Modified 2024-12-03
CVSS v3
CVSS v2
5.0
VIR risk
5.0

Description

Fat Free CRM allows remote attackers to obtain sensitive information via a direct request

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29

Package impact
EcosystemPackageVulnerableFixed
ruby RubyGemsfat_free_crm<>= 0.13.0>= 0.13.0
ruby RubyGemsfat_free_crm<0.12.10.12.1

Application impact
VendorProductVersionsFixed
fatfreecrmfat_free_crm{"endIncluding":"0.12.0"}
fatfreecrmfat_free_crm0.9.6
fatfreecrmfat_free_crm0.9.7
fatfreecrmfat_free_crm0.9.8
fatfreecrmfat_free_crm0.9.9
fatfreecrmfat_free_crm0.9.10
fatfreecrmfat_free_crm0.10.1
fatfreecrmfat_free_crm0.11.0
fatfreecrmfat_free_crm0.11.1
fatfreecrmfat_free_crm0.11.2

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.