Vulnerability Description
Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yetiforce | Yetiforce Customer Relationship Management | < 6.5.0 |
Related Weaknesses (CWE)
References
- https://github.com/YetiForceCompany/YetiForceCRM/commit/ba3a348aa6ecdf0a1d8b289c (Patch)
- https://github.com/c4v4r0n/Research/tree/main/CVE-2023-49508 (Third Party Advisory)
- https://huntr.com/bounties/29ed641d-eb03-4532-aed4-f96e11f78983/ (Permissions Required)
FAQ
What is CVE-2023-49508?
CVE-2023-49508 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the Lib...
How severe is CVE-2023-49508?
CVE-2023-49508 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-49508?
Check the references section above for vendor advisories and patch information. Affected products include: Yetiforce Yetiforce Customer Relationship Management.