CVE-2013-7225
Description
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
1.147
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2013-7225,CVE-2013-7249,CVE-2013-7224,CVE-2013-7223,CVE-2013-7222 are fixed in Ruby-fat_free_crm 0.12.1 | Windows |
| Vulnerabilities CVE-2013-7225,CVE-2013-7249,CVE-2013-7224,CVE-2013-7223,CVE-2013-7222 are fixed in Ruby-fat_free_crm for Linux 0.12.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234