CVE-2022-1411

Name of the Vulnerable Software and Affected Versions yetiforcecrm versions prior to 6.4.0

Description The issue concerns an unrestricted file upload in the GitHub repository yetiforcecompany/yetiforcecrm. An attacker can send malicious files, retrieve stored data from the web application without proper safety measures to render in the browser, and steal the victim's cookie, leading to account takeover.

Recommendations For versions prior to 6.4.0, update to version 6.4.0 or later to resolve the issue. As a temporary workaround, consider restricting file uploads or implementing additional security measures to prevent malicious file uploads until a patch is applied.