Unrestricted Upload of File with Dangerous Type Affecting yetiforce/yetiforce-crm package, versions >=0.0.0, <6.4.0


0.0
critical

Snyk CVSS

    Attack Complexity Low
    Scope Changed
    Availability High

    Threat Intelligence

    EPSS 0.07% (29th percentile)
Expand this section
NVD
6.1 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-YETIFORCEYETIFORCECRM-2808933
  • published 6 May 2022
  • disclosed 6 May 2022
  • credit Raptor

How to fix?

Upgrade yetiforce/yetiforce-crm to version 6.4.0 or higher.

Overview

yetiforce/yetiforce-crm is an an open and innovative CRM system. Our team created for you one of the most innovative CRM systems that supports mainly business processes and allows for customization according to your needs. Be ahead of your competition and implement YetiForce!

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type where an attacker can send malicious files to the victims. They'll then be able to retrieve the stored data from the web application without that data being made safe, to render in the browser and steals the victim's cookie leads to account takeover.

References