Unrestricted Upload of File with Dangerous Type Affecting yetiforce/yetiforce-crm Open this link in a new tab package, versions >=0.0.0


0.0
critical
  • Attack Complexity

    Low

  • Scope

    Changed

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-PHP-YETIFORCEYETIFORCECRM-2808933

  • published

    6 May 2022

  • disclosed

    6 May 2022

  • credit

    Raptor

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

yetiforce/yetiforce-crm is an an open and innovative CRM system. Our team created for you one of the most innovative CRM systems that supports mainly business processes and allows for customization according to your needs. Be ahead of your competition and implement YetiForce!

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type where an attacker can send malicious files to the victims. They'll then be able to retrieve the stored data from the web application without that data being made safe, to render in the browser and steals the victim's cookie leads to account takeover.

References