@sm0k
Created January 17, 2020 17:03
YellowBox CRM - 5.5 CVE-2019-14765 CVE-2019-14766 CVE-2019-14767 CVE-2019-14768
===========================================================================================================
Incorrect Access Control in AfficheExplorateurParam() in DIMO
YellowBox CRM before 6.3.4 allows a standard authenticated user to use
administrative controllers.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
DIMO Software
------------------------------------------
[Affected Product Code Base]
YellowBox CRM - before 6.3.4
------------------------------------------
[Affected Component]
AfficheExplorateurParam();
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
A standard user can invoke administrative functions by calling the JavaScript API.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Pierre Lacombe - Elysium Security
------------------------------------------
[Reference]
https://www.dimo-crm.fr/blog-crm/
https://www.elysium-security.com/sitemap.php
===========================================================================================================
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4
allows a standard authenticated user to browse the server
filesystem.
------------------------------------------
[Vulnerability Type]
Directory Traversal
------------------------------------------
[Vendor of Product]
DIMO Software
------------------------------------------
[Affected Product Code Base]
YellowBox CRM - before 6.3.4
------------------------------------------
[Affected Component]
File browser interface
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Call a vulnerable URL
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Pierre Lacombe - Elysium Security
------------------------------------------
[Reference]
https://www.dimo-crm.fr/blog-crm/
https://www.elysium-security.com/sitemap.php
===========================================================================================================
In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence
(dossier=../) and servletrecuperefichier (document=../) allows an
unauthenticated user to download arbitrary files from the server.
------------------------------------------
[Vulnerability Type]
Directory Traversal
------------------------------------------
[Vendor of Product]
DIMO Software
------------------------------------------
[Affected Product Code Base]
YellowBox CRM - before 6.3.4
------------------------------------------
[Affected Component]
images/Apparence?dossier=../../../../file AND /servletrecuperefichier?document=../../../../file;
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Call a vulnerable URL
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Pierre Lacombe - Elysium Security
------------------------------------------
[Reference]
https://www.dimo-crm.fr/blog-crm/
https://www.elysium-security.com/sitemap.php
===========================================================================================================
An Arbitrary File Upload issue in the file browser of DIMO YellowBox
CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file
to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM
privileges.
------------------------------------------
[VulnerabilityType Other]
Arbitrary File Upload
------------------------------------------
[Vendor of Product]
DIMO Software
------------------------------------------
[Affected Product Code Base]
YellowBox CRM - before 6.3.4
------------------------------------------
[Affected Component]
File browser interface
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
To exploit the vulnerability, an attacker must upload a malicious WAR application to the Tomcat webroot, using a Path Traversal vulnerability.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Pierre Lacombe - Elysium Security
------------------------------------------
[Reference]
https://www.dimo-crm.fr/blog-crm/
https://www.elysium-security.com/sitemap.php
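Three of the four advisories above come down to the same defect: a user-supplied path (dossier=, document=, or the file browser's upload target) is joined to a server directory without checking that the result still lies inside it. The following is an added example, not code from this gist nor from DIMO Software; it shows the containment check a file-serving endpoint needs, and a small access-log scanner that flags traversal attempts against the two endpoint names the advisory lists (images/Apparence?dossier= and servletrecuperefichier?document=). The directory tree, the /yellowbox context path and the log lines are constructed for the demonstration.

```python
"""Added example: safe resolution of user-supplied paths plus log-based
detection of traversal attempts. Not YellowBox CRM code; endpoint and
parameter names come from the advisory, everything else is constructed."""
import os
import re
import tempfile
from urllib.parse import parse_qs, unquote, urlsplit


class PathTraversalError(ValueError):
    """Raised when a requested path would leave the permitted directory."""


def resolve_within(base_dir: str, user_path: str) -> str:
    """Return the canonical path of user_path inside base_dir, or raise.

    Both sides are canonicalised with realpath (which also follows symlinks),
    then containment is tested with a separator-aware prefix check so that a
    sibling such as /srv/docs2 is not accepted as a child of /srv/docs.
    A '..' that stays inside the base (sub/../sub/x) is allowed on purpose.
    """
    if not user_path or "\x00" in user_path:
        raise PathTraversalError("empty or NUL-containing path")
    if os.path.isabs(user_path):  # the parameter is meant to be relative
        raise PathTraversalError("absolute path not allowed")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if candidate != base and not candidate.startswith(base + os.sep):
        raise PathTraversalError(f"path escapes base directory: {user_path!r}")
    return candidate


# Endpoint suffix -> parameter that carries a path (names from the advisory).
WATCHED_PARAMS = {
    "/images/Apparence": "dossier",
    "/servletrecuperefichier": "document",
}

# Request target and status from a common/combined access-log line.
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def is_traversal_attempt(request_target: str) -> bool:
    """True if a watched parameter contains a '..' path segment."""
    parts = urlsplit(request_target)
    for endpoint, param in WATCHED_PARAMS.items():
        if not parts.path.endswith(endpoint):
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            # parse_qs already decoded once; decode twice more to catch
            # double-encoded forms such as %252e%252e%252f.
            decoded = unquote(unquote(value)).replace("\\", "/")
            if ".." in decoded.split("/"):
                return True
    return False


def flag_log_lines(lines):
    """Return (request_target, status) for every line that looks like traversal."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and is_traversal_attempt(m.group(1)):
            hits.append((m.group(1), m.group(2)))
    return hits


# Constructed sample log; the traversal values mirror the advisory's '../../../../file'.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Jan/2020:17:03:00 +0000] "GET /yellowbox/images/Apparence?dossier=theme1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [17/Jan/2020:17:03:01 +0000] "GET /yellowbox/images/Apparence?dossier=../../../../file HTTP/1.1" 200 1843',
    '10.0.0.9 - - [17/Jan/2020:17:03:02 +0000] "GET /yellowbox/servletrecuperefichier?document=%2e%2e%2f%2e%2e%2ffile HTTP/1.1" 200 2210',
    '10.0.0.7 - - [17/Jan/2020:17:03:03 +0000] "GET /yellowbox/servletrecuperefichier?document=report.pdf HTTP/1.1" 200 9000',
]


def demo_resolution() -> dict:
    """Exercise resolve_within on a constructed tree; returns per-case outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(os.path.join(docs, "sub"))
        os.makedirs(os.path.join(root, "docs2"))  # shares the prefix "docs"
        open(os.path.join(docs, "sub", "report.pdf"), "w").close()
        open(os.path.join(root, "secret.txt"), "w").close()
        try:
            os.symlink(os.path.join(root, "secret.txt"), os.path.join(docs, "link.txt"))
            cases = {"symlink": "link.txt"}
        except OSError:  # symlinks not permitted on this platform
            cases, results["symlink"] = {}, "skipped"
        cases.update({"dotdot": "../secret.txt",
                      "absolute": os.path.join(root, "secret.txt"),
                      "prefix": "../docs2"})
        results["inside"] = resolve_within(docs, "sub/report.pdf").endswith(
            os.path.join("sub", "report.pdf"))
        for label, p in cases.items():
            try:
                resolve_within(docs, p)
                results[label] = "allowed"
            except PathTraversalError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    print(demo_resolution())
    for target, status in flag_log_lines(SAMPLE_LOG):
        print("traversal attempt:", target, "status", status)
```

The containment check belongs in the servlet that opens the file, not in a front-end or WAF rule alone; the log scanner is only a detective control and will miss encodings it does not decode, so treat a hit as a trigger for review rather than as the full picture. For the WAR-upload case, the same check applied to the upload destination keeps the file browser from writing outside its own storage directory, which is what turns a file-write into code execution on a Tomcat host.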