2 matches found
CVE-2019-14767
In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence dossier=../ and servletrecuperefichier document=../ allows an unauthenticated user to download arbitrary files from the server...
CVE-2019-14767
In DIMO YellowBox CRM prior to version 6.3.4, a Path Traversal vulnerability exists in images/Apparence (dossier=../) and servletrecuperefichier (document=../) that allows an unauthenticated user to download arbitrary files from the server. Affected component: the application’s file retrieval pat...