Created January 17, 2020 17:03
YellowBox CRM - 5.5 CVE-2019-14765 CVE-2019-14766 CVE-2019-14767 CVE-2019-14768
===========================================================================================================
Incorrect Access Control in AfficheExplorateurParam() in DIMO
YellowBox CRM before 6.3.4 allows a standard authenticated user to use
administrative controllers.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
DIMO Software
------------------------------------------
[Affected Product Code Base]
YellowBox CRM - before 6.3.4
------------------------------------------
[Affected Component]
AfficheExplorateurParam();
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
A standard user can invoke administrative functions by calling the JavaScript API.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Pierre Lacombe - Elysium Security
------------------------------------------
[Reference]
https://www.dimo-crm.fr/blog-crm/
https://www.elysium-security.com/sitemap.php
===========================================================================================================
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4
allows a standard authenticated user to browse the server
filesystem.
------------------------------------------
[Vulnerability Type]
Directory Traversal
------------------------------------------
[Vendor of Product]
DIMO Software
------------------------------------------
[Affected Product Code Base]
YellowBox CRM - before 6.3.4
------------------------------------------
[Affected Component]
File browser interface
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Call a vulnerable URL
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Pierre Lacombe - Elysium Security
------------------------------------------
[Reference]
https://www.dimo-crm.fr/blog-crm/
https://www.elysium-security.com/sitemap.php
===========================================================================================================
In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence
(dossier=../) and servletrecuperefichier (document=../) allows an
unauthenticated user to download arbitrary files from the server.
------------------------------------------
[Vulnerability Type]
Directory Traversal
------------------------------------------
[Vendor of Product]
DIMO Software
------------------------------------------
[Affected Product Code Base]
YellowBox CRM - before 6.3.4
------------------------------------------
[Affected Component]
images/Apparence?dossier=../../../../file AND /servletrecuperefichier?document=../../../../file;
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Call a vulnerable URL
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Pierre Lacombe - Elysium Security
------------------------------------------
[Reference]
https://www.dimo-crm.fr/blog-crm/
https://www.elysium-security.com/sitemap.php
===========================================================================================================
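A detection pass over Tomcat access logs for the two URLs named in this item, as an added example that is not part of the advisory; the log lines, the /crm context path and the output field names are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Tomcat access-log lines in Common Log Format (not from a real host);
# the CRM is assumed to be deployed under the /crm context path.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Jan/2020:17:03:01 +0100] "GET /crm/images/Apparence?dossier=themes/blue HTTP/1.1" 200 2311
10.0.0.9 - - [17/Jan/2020:17:03:07 +0100] "GET /crm/images/Apparence?dossier=../../../../etc/passwd HTTP/1.1" 200 1642
10.0.0.9 - - [17/Jan/2020:17:03:12 +0100] "GET /crm/servletrecuperefichier?document=%2e%2e%2f%2e%2e%2fWEB-INF%2fweb.xml HTTP/1.1" 200 5120
10.0.0.7 - - [17/Jan/2020:17:04:00 +0100] "GET /crm/servletrecuperefichier?document=contrat-2020.pdf HTTP/1.1" 200 88213
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoint path suffix -> the query parameter the advisory names for it.
WATCHED = {"/images/apparence": "dossier", "/servletrecuperefichier": "document"}

# A '..' path segment in either slash form, checked after percent-decoding.
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def find_traversal(log_text):
    """Return one hit per request whose watched parameter contains a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        path = parts.path.lower()
        param = next((p for suffix, p in WATCHED.items() if path.endswith(suffix)), None)
        if param is None:
            continue
        for raw in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            # parse_qs decoded once already; decode again to catch double encoding
            decoded = unquote(unquote(raw))
            if TRAVERSAL_RE.search(decoded):
                hits.append({"src": m.group("src"), "time": m.group("ts"), "param": param,
                             "value": decoded, "status": int(m.group("status"))})
    return hits
```

A 200 status on a flagged request is the signal that the traversal was served rather than rejected, which is what distinguishes an unpatched host from a blocked probe.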
An Arbitrary File Upload issue in the file browser of DIMO YellowBox
CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file
to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM
privileges.
------------------------------------------
[VulnerabilityType Other]
Arbitrary File Upload
------------------------------------------
[Vendor of Product]
DIMO Software
------------------------------------------
[Affected Product Code Base]
YellowBox CRM - before 6.3.4
------------------------------------------
[Affected Component]
File browser interface
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
To exploit the vulnerability, an attacker must upload a malicious WAR application into the Tomcat webroot using a Path Traversal vulnerability.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Pierre Lacombe - Elysium Security
------------------------------------------
[Reference]
https://www.dimo-crm.fr/blog-crm/
https://www.elysium-security.com/sitemap.php
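The path containment check that the file-browser, images/Apparence, servletrecuperefichier and WAR-upload items above all lack, as an added Python example that is not the vendor's code or part of the advisory; the base directories, the handler names and the refused-extension list are assumptions made for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed base directories standing in for the CRM's image folder and the
# file-browser storage; the advisory does not give the real install paths.
IMAGE_ROOT = "/opt/yellowbox/webapps/crm/images/Apparence"
UPLOAD_ROOT = "/opt/yellowbox/data/uploads"
# Extensions Tomcat would execute or auto-deploy if they landed under webapps.
EXECUTABLE_EXT = (".war", ".jsp", ".jspx")


def resolve_inside(base: str, user_path: str) -> Optional[str]:
    """Map a client-supplied relative path onto base; return None if it escapes.

    Percent-decoding is repeated (bounded) so %2e%2e%2f and double-encoded
    variants are normalised before the containment check. posixpath.normpath
    collapses '..' without touching the filesystem, so the check runs offline.
    """
    decoded = user_path
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:  # a NUL byte would truncate the name in native code
        return None
    decoded = decoded.replace("\\", "/").lstrip("/")
    base_norm = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base_norm, decoded))
    if candidate != base_norm and not candidate.startswith(base_norm + "/"):
        return None
    return candidate


def serve_apparence(dossier: str) -> Optional[str]:
    """images/Apparence?dossier=...: only folders under IMAGE_ROOT are listed."""
    return resolve_inside(IMAGE_ROOT, dossier)


def serve_document(document: str) -> Optional[str]:
    """servletrecuperefichier?document=...: only files under UPLOAD_ROOT are served."""
    return resolve_inside(UPLOAD_ROOT, document)


def upload_destination(filename: str) -> Optional[str]:
    """File-browser upload: the name must stay under UPLOAD_ROOT, and server-
    executable extensions are refused as a second layer against WAR deployment."""
    dest = resolve_inside(UPLOAD_ROOT, filename)
    if dest is None or dest.lower().endswith(EXECUTABLE_EXT):
        return None
    return dest
```

Keeping the upload directory outside Tomcat's webapps tree matters as much as the check itself, since auto-deployment is what turns a misplaced WAR into code execution.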