GHSA-wx7c-8j35-mpg8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wx7c-8j35-mpg8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wx7c-8j35-mpg8/GHSA-wx7c-8j35-mpg8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wx7c-8j35-mpg8
- Aliases
-
- CVE-2015-1585
- Published
- 2022-05-14T02:49:30Z
- Modified
- 2024-12-06T05:39:31.251257Z
- Summary
- Fat Free CRM Cross-Site Request Forgery vulnerability
- Details
-
Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account.
- Database specific
{ "nvd_published_at": "2015-02-19T15:59:00Z", "cwe_ids": [ "CWE-352" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-01-23T14:26:45Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-1585
- https://github.com/fatfreecrm/fat_free_crm/commit/86fd7f98c9583fd36384987282d1c086fdcecd7c
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100925
- https://github.com/fatfreecrm/fat_free_crm
- https://github.com/fatfreecrm/fat_free_crm/wiki/CSRF-Vulnerability-%28CVE-2015-1585%29
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fat_free_crm/CVE-2015-1585.yml
- http://packetstormsecurity.com/files/130410/Fat-Free-CRM-0.13.5-Cross-Site-Request-Forgery.html
Affected packages
RubyGems / fat_free_crm
Package
- Name
- fat_free_crm
- Purl
- pkg:gem/fat_free_crm