High severity8.8NVD Advisory· Published Jan 21, 2020· Updated Jun 17, 2026
CVE-2019-14768
CVE-2019-14768
Description
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- DIMO/YellowBox CRMdescription
- Range: <6.3.4
- Range: <6.3.4
Patches
Vulnerability mechanics
References
2- gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305nvdThird Party Advisory
- www.dimo-crm.fr/blog-crm/nvdVendor Advisory
News mentions
0No linked articles in our index yet.