Filtered by vendor Dimo-crm
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14768 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. | |||||
| CVE-2019-14767 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server. | |||||
| CVE-2019-14766 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem. | |||||
| CVE-2019-14765 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers. | |||||