Filtered by vendor Dimo-crm Subscriptions
Filtered by product Yellowbox Crm Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-14768 1 Dimo-crm 1 Yellowbox Crm 2024-11-21 8.8 High
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.
CVE-2019-14767 1 Dimo-crm 1 Yellowbox Crm 2024-11-21 7.5 High
In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server.
CVE-2019-14766 1 Dimo-crm 1 Yellowbox Crm 2024-11-21 6.5 Medium
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem.
CVE-2019-14765 1 Dimo-crm 1 Yellowbox Crm 2024-11-21 8.8 High
Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers.