In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=…/) and servletrecuperefichier (document=…/) allows an unauthenticated user to download arbitrary files from the server.
CPE

Name | Operator | Version |
---|---|---|
yellowbox_crm | lt | 6.3.4 |