3 matches found
CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges...
CVE-2019-14768
CVE-2019-14768 affects DIMO YellowBox CRM prior to 6.3.4. An authenticated user can exploit an Arbitrary File Upload in the file browser to deploy a WebApp WAR to the Tomcat server via Path Traversal, enabling remote code execution with SYSTEM privileges. The vulnerability stems from improper val...
CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges...