Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Yellowbox_crm
(Dimo\-Crm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-21 | CVE-2019-14768 | An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. | Yellowbox_crm | 8.8 | ||
| 2020-01-21 | CVE-2019-14765 | Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers. | Yellowbox_crm | N/A | ||
| 2020-01-21 | CVE-2019-14767 | In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server. | Yellowbox_crm | N/A | ||
| 2020-01-21 | CVE-2019-14766 | Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem. | Yellowbox_crm | N/A |