Security Advisory

CVE-2019-14768

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-21 15:36:02

Last updated 2024-08-05 00:26:38

Assigner mitre

State PUBLISHED

Description

An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.

← Browse all CVEs View on cve.org ↗