Sha256: cf4fd000ee6b3a9b46c7685df2e65c0ca05c67ad9ee76584f701dd9d8f04a7d4
Contents?: true
Size: 721 Bytes
Versions: 1
Compression:
Stored size: 721 Bytes
Contents
---
gem: fat_free_crm
osvdb: 101448
cve: 2013-7225
url: https://nvd.nist.gov/vuln/detail/CVE-2013-7225
title: Fat Free CRM Gem for Ruby allows remote attackers to inject or manipulate SQL queries
date: 2013-12-24
description: |
  Fat Free CRM contains a flaw that may allow carrying out an SQL injection
  attack. The issue is due to the app/controllers/home_controller.rb script
  not properly sanitizing user-supplied input to the 'state' parameter or
  input passed via comments and emails. This may allow a remote attacker to
  inject or manipulate SQL queries in the back-end database, allowing for
  the manipulation or disclosure of arbitrary data.
cvss_v2: 6.5
patched_versions:
  - ">= 0.13.0"
  - "~> 0.12.1"
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
bundler-audit-0.7.0.1 | data/ruby-advisory-db/gems/fat_free_crm/CVE-2013-7225.yml |