3 matches found
CVE-2025-5993
ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process...
CVE-2025-5993
CVE-2025-5993 — ITCube CRM path traversal affects ITCube CRM versions 2023.2–2025.2. The vulnerability arises from an insecure fileName parameter, enabling an unauthenticated attacker to craft payloads that download arbitrary files accessible to the web server process. Impact is primarily confide...
CVE-2025-5993 Path Traversal in ITCube CRM
ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process...