ADVISORIES
- CVE-2013-7222 (NVD)
- GHSA-g897-cgfc-7q8v
- OSVDB-101445
GEM
SEVERITY
CVSS v2.0: 5.0 (Medium)
PATCHED VERSIONS
- >= 0.13.0
- ~> 0.12.1
DESCRIPTION
Fat Free CRM contains a flaw: the application defines a static security session token in config/initializers/secret_token.rb. A remote attacker who has explicit knowledge of this token can potentially execute arbitrary code.
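
A defender-side check for the condition described above, as an added example that is not code from the advisory or from Fat Free CRM: it flags an initializer that assigns `secret_token` a string literal rather than a per-deployment value. The `SampleApp` name, the `SECRET_TOKEN` environment variable and both sample sources are constructed assumptions.

```ruby
# Added example: audit a Rails initializer for a hard-coded session secret.
# All sample input below is constructed; nothing is taken from Fat Free CRM.

# Matches `...secret_token = '<literal>'` or a double-quoted literal that
# contains no #{...} interpolation. A trailing comment is allowed.
LITERAL_TOKEN =
  /\bsecret_token\s*=\s*(?:'([^']*)'|"((?:[^"#]|#(?!\{))*)")\s*(?:#.*)?\z/

# Returns [[line_number, literal_length], ...] for every static assignment.
# Only the length is reported so the audit output never repeats the secret.
def static_secret_tokens(source)
  findings = []
  source.each_line.with_index(1) do |line, number|
    code = line.strip
    next if code.empty? || code.start_with?('#') # skip blanks and comments
    match = LITERAL_TOKEN.match(code)
    next unless match
    literal = match[1] || match[2]
    findings << [number, literal.length]
  end
  findings
end

# Constructed sample: the same token ships with every installation.
VULNERABLE_SAMPLE = <<~'RUBY'
  # config/initializers/secret_token.rb (constructed sample)
  SampleApp::Application.config.secret_token = 'constructed-placeholder-not-a-real-token'
RUBY

# Constructed sample: the token is supplied by each deployment's environment.
HARDENED_SAMPLE = <<~'RUBY'
  # config/initializers/secret_token.rb (constructed sample)
  SampleApp::Application.config.secret_token = ENV.fetch('SECRET_TOKEN')
RUBY

if __FILE__ == $PROGRAM_NAME
  { 'vulnerable' => VULNERABLE_SAMPLE, 'hardened' => HARDENED_SAMPLE }.each do |name, src|
    hits = static_secret_tokens(src)
    if hits.empty?
      puts "#{name}: no static secret_token found"
    else
      hits.each { |n, len| puts "#{name}: line #{n} hard-codes a #{len}-character token" }
    end
  end
end
```

A finding means the deployed token should be treated as known and replaced, since any copy of the source reveals it.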