Dimo-crm Yellowbox Crm — known CVE vulnerabilities
Every CVE whose affected-product data names Dimo-crm Yellowbox Crm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2019-14765 — CVSS 8.8 (high): Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use…
CVE-2019-14768 — CVSS 8.8 (high): An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new…
CVE-2019-14767 — CVSS 7.5 (high): In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an…
CVE-2019-14766 — CVSS 6.5 (medium): Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem.