An issue exists in 1CRM System up to and including 8.6.7. An insecure direct object reference to internally stored files allows a remote malicious user to access various sensitive information via an unauthenticated request with a predictable URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
1crm 1crm |