Unknown · Yetiforcecrm · CVE-2023-49508
**Name of the Vulnerable Software and Affected Versions**
YetiForceCRM versions 6.4.0 and earlier
**Description**
A directory traversal issue allows a remote authenticated attacker to obtain sensitive information via the `license` parameter in the LibraryLicense.php component.
**Recommendations**
For versions 6.4.0 and earlier, consider restricting access to the LibraryLicense.php component until a patch is available.
As a temporary workaround, avoid using the `license` parameter in the affected component to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
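While no fixed version is known, web access logs can be reviewed for traversal-style values sent in the `license` parameter. The following Python sketch is an added example, not code from YetiForceCRM or from this advisory; the combined log format, the `index.php?...&view=LibraryLicense` URL layout and the sample lines are constructed assumptions, and only the parameter and component names come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample log lines; the URL layout is an assumption, not taken from the advisory.
SAMPLE_LOG = [
    '198.51.100.7 - alice [10/Jan/2024:10:00:01 +0000] "GET /index.php?module=Example&view=LibraryLicense&license=jquery HTTP/1.1" 200 512',
    '198.51.100.9 - bob [10/Jan/2024:10:02:13 +0000] "GET /index.php?module=Example&view=LibraryLicense&license=..%2F..%2Fplaceholder.txt HTTP/1.1" 200 2048',
    '198.51.100.9 - bob [10/Jan/2024:10:02:20 +0000] "GET /index.php?module=Example&view=LibraryLicense&license=%252e%252e%252fplaceholder.txt HTTP/1.1" 200 2048',
    '198.51.100.7 - alice [10/Jan/2024:10:05:44 +0000] "GET /index.php?module=Example&view=Other&license=..%2Fx HTTP/1.1" 200 128',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding so a double-encoded '..' is still recognised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(value):
    """True if the value contains a parent-directory segment, an absolute path or a NUL byte."""
    v = fully_decode(value).replace("\\", "/")
    return ("\x00" in v or v.startswith("/")
            or bool(re.match(r"^[A-Za-z]:", v)) or ".." in v.split("/"))

def find_suspicious(lines):
    """Return (line_number, decoded_value) for flagged `license` values sent to LibraryLicense."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        if "LibraryLicense" not in fully_decode(target):
            continue  # only the component named in the advisory is in scope
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in params.get("license", []):
            if is_suspicious(value):
                hits.append((number, fully_decode(value)))
    return hits

if __name__ == "__main__":
    for number, value in find_suspicious(SAMPLE_LOG):
        print(f"line {number}: license={value!r}")
```

Parameters sent in a POST body do not appear in standard access logs, so this check only covers values passed in the query string.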