exploitDog

GHSA-8xv3-84rr-j23r

Published: 24 May 2022
Source: github
GitHub: Not reviewed

Description

In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server.

EPSS

Percentile: 81%
0.01542
Low

Related vulnerabilities

CVSS3: 7.5
nvd
about 6 years ago

In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server.

EPSS

Percentile: 81%
0.01542
Low