CVE-2023-49508Path Traversal in Customer Relationship Management

CWE-22Path Traversal4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 64.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Yetiforce Customer Relationship ManagementYetiforce Yetiforce-crm
Timeline
PublishedFeb 16

Description

Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Packagistyetiforce/yetiforce-crm< 6.5.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
CVEList
CVE-2023-49508: Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 62024-02-16
GHSA
YetiForceCRM Directory Traversal vulnerability2024-02-16
OSV
YetiForceCRM Directory Traversal vulnerability2024-02-16
CVE-2023-49508 — Path Traversal | cvebase