← volver
CVE-2022-1411

Unrestructed file upload in yetiforcecompany/yetiforcecrm

CVSS 9.1 CRITICALEPSS 0.7%CWE-434
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Productos afectados
yetiforcecompany · yetiforcecompany/yetiforcecrm

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/yetiforcecompany/yetiforcecrm/commit/bf69c427260011ffca42f7b6935bb54080c54124https://huntr.dev/bounties/75c7cf09-d118-4f91-9686-22b142772529