Vulnerabilities for 'Yellowbox crm'

2020-01-21

CVE-2019-14768
CWE-434

An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.

CVE-2019-14767
CWE-22

In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server.

CVE-2019-14766
CWE-22

Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem.

CVE-2019-14765
CWE-269

Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers.
Copyright 2024, cxsecurity.com