Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS0zOTRtLXZ4d2otMzYzas4AA5VY

Moderate EPSS: 0.00147% (0.36104 Percentile) EPSS:
Permalink JSON

YetiForceCRM Directory Traversal vulnerability

Affected Packages Affected Versions Fixed Versions
packagist:yetiforce/yetiforce-crm < 6.5.0 6.5.0
0 Dependent packages
0 Dependent repositories
201 Downloads total

Affected Version Ranges

All affected versions

4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0

All unaffected versions

6.5.0, 7.0.0

Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.

References:

Identifiers

GHSA-394m-vxwj-363j

CVE-2023-49508

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00147

EPSS Percentile: 0.36104

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/YetiForceCompany/YetiForceCRM

Date and time

Published

over 1 year ago

Updated

7 months ago

API

JSON