CVE-2013-7222 in Fat Free
摘要
由 VulDB • 2026-06-28
在Fat Free CRM 0.12.1之前的版本中,config/initializers/secret_token.rb文件存在一个固定的FatFreeCRM::Application.config.secret_token值,这使得远程攻击者通过引用源代码中的密钥更容易伪造签名Cookie。
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.