mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
751 B
751 B
CVE-2019-14767
Description
In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server.
POC
Reference
- https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305
- https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305
Github
No PoCs found on GitHub currently.