Vulnerability Description
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yetiforce | Yetiforce Customer Relationship Management | < 6.4.0 |
Related Weaknesses (CWE)
References
- https://github.com/yetiforcecompany/yetiforcecrm/commit/bf69c427260011ffca42f7b6PatchThird Party Advisory
- https://huntr.dev/bounties/75c7cf09-d118-4f91-9686-22b142772529ExploitThird Party Advisory
- https://github.com/yetiforcecompany/yetiforcecrm/commit/bf69c427260011ffca42f7b6PatchThird Party Advisory
- https://huntr.dev/bounties/75c7cf09-d118-4f91-9686-22b142772529ExploitThird Party Advisory
FAQ
What is CVE-2022-1411?
CVE-2022-1411 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web applicatio...
How severe is CVE-2022-1411?
CVE-2022-1411 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1411?
Check the references section above for vendor advisories and patch information. Affected products include: Yetiforce Yetiforce Customer Relationship Management.