An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM prior to 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.
Vulnerable Product |
---|
dimo-crm yellowbox crm |