Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unrestructed file upload in yetiforcecompany/yetiforcecrm
Vulnerability Description
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
YetiForceCrm 代码问题漏洞
Vulnerability Description
YetiForceCrm是波兰YetiForce公司的一个开源的 Crm 系统。 YetiForceCrm 6.4.0之前版本存在安全漏洞,该漏洞源于应用中的未重构的文件上传存在问题。攻击者可以向受害者发送恶意文件,并利用该漏洞从Web应用中检索存储数据,窃取受害者的cookie,实现接管账户。
CVSS Information
N/A
Vulnerability Type
N/A