Unrestricted Upload of File with Dangerous Type Affecting yetiforce/yetiforce-crm package, versions >=0.0.0, <6.4.0
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-YETIFORCEYETIFORCECRM-2808933
- published 6 May 2022
- disclosed 6 May 2022
- credit Raptor
Introduced: 6 May 2022
CVE-2022-1411 Open this link in a new tabHow to fix?
Upgrade yetiforce/yetiforce-crm
to version 6.4.0 or higher.
Overview
yetiforce/yetiforce-crm is an an open and innovative CRM system. Our team created for you one of the most innovative CRM systems that supports mainly business processes and allows for customization according to your needs. Be ahead of your competition and implement YetiForce!
Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type where an attacker can send malicious files to the victims. They'll then be able to retrieve the stored data from the web application without that data being made safe, to render in the browser and steals the victim's cookie leads to account takeover.