Vulnerabilities > Dimo CRM

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-21	CVE-2019-14768	Unrestricted Upload of File with Dangerous Type vulnerability in Dimo-Crm Yellowbox CRM An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. network low complexity dimo-crm CWE-434 critical	9.0
2020-01-21	CVE-2019-14767	Path Traversal vulnerability in Dimo-Crm Yellowbox CRM In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server. network low complexity dimo-crm CWE-22	5.0
2020-01-21	CVE-2019-14766	Path Traversal vulnerability in Dimo-Crm Yellowbox CRM Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem. network low complexity dimo-crm CWE-22	4.0
2020-01-21	CVE-2019-14765	Unspecified vulnerability in Dimo-Crm Yellowbox CRM Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers. network low complexity dimo-crm	6.5

Vulnerabilities > Dimo CRM {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dimo CRM"}]}