CVE

Id
78862  
CVE No.
CVE-2015-1585  
Status
Candidate  
Description
Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account.  
Phase
Assigned (20150211)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
719039 78862 CVE-2015-1585 BUGTRAQ:20150214 [CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5  View
719040 78862 CVE-2015-1585 URL:http://www.securityfocus.com/archive/1/archive/1/534709/100/0/threaded  View
719041 78862 CVE-2015-1585 MISC:http://packetstormsecurity.com/files/130410/Fat-Free-CRM-0.13.5-Cross-Site-Request-Forgery.html  View
719042 78862 CVE-2015-1585 CONFIRM:https://github.com/fatfreecrm/fat_free_crm/wiki/CSRF-Vulnerability-%28CVE-2015-1585%29  View
719043 78862 CVE-2015-1585 XF:fatfreecrm-cve20151585-csrf(100925)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
6345 JVNDB-2015-001665 複数の Microsoft Windows 製品の Schannel における EXPORT_RSA 暗号に対して暗号スイートのダウングレード攻撃を実行される脆弱性 複数の Microsoft Windows 製品の Schannel (別名 Secure Channel) は、TLS ステートの遷移を適切に制限しないため、EXPORT_RSA 暗号に対して暗号スイートのダウングレード攻撃を実行される脆弱性が存在します。 CVE-2015-1637 78862 4.3 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001665.html  View