Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2015-1585
Last Modified: 20 Feb 2015 08:30:27
Published: 19 Feb 2015 10:59:14
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2015-1585

Summary

Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account.

Vulnerable Systems

Application

  • Fatfreecrm Fat Free Crm 0.13.5


References

CONFIRM - https://github.com/fatfreecrm/fat_free_crm/wiki/CSRF-Vulnerability-%28CVE-2015-1585%29

XF - fatfreecrm-cve20151585-csrf(100925)

BUGTRAQ - 20150214 [CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5

MISC - http://packetstormsecurity.com/files/130410/Fat-Free-CRM-0.13.5-Cross-Site-Request-Forgery.html


Last Updated: 27 May 2016 11:07:54