CVE-2019-14767

HIGH

DIMO YellowBox CRM < 6.3.4 - Unauthenticated Path Traversal via images/Apparence and servletrecuperefichier

Title source: llm
STIX 2.1

Description

In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.dimo-crm.fr/blog-crm/
Not Applicable x_refsource_misc
https://www.elysium-security.com/sitemap.php

Scores

CVSS v3 7.5
EPSS 0.0144
EPSS Percentile 69.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
dimo-crm/yellowbox_crm < 6.3.4
Published Jan 21, 2020
Tracked Since Feb 18, 2026