yetiforce/yetiforce-crm is vulnerable to cross-site request forgery. The vulnerability exists due to insufficient permissions checks which allows a malicious attacker to create a new admin account and cause a csrf attack.
CPE | Name | Operator | Version |
---|---|---|---|
yetiforce/yetiforce-crm | le | 6.3.0 | |
yetiforce/yetiforce-crm | le | 6.3.0 |