What the vulnerability does
01 Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Laforge Infocob CRM Forms infocob-crm-forms allows Path Traversal. This issue affects Infocob CRM Forms: from n/a through <= 2.4.0.
Explanation of Vulnerability in Simple Terms
02 Summary
Infocob CRM Forms versions 2.4.0 and earlier contain a path traversal vulnerability that allows authenticated administrators to read arbitrary files from the server. An attacker with high-level privileges can bypass directory restrictions and access sensitive files outside the intended application directory. This vulnerability requires administrative access and does not affect data integrity or availability.
What an attacker can do
03 Attacker Capabilities
Read arbitrary files from the server filesystem.
Potential impact on your site
04 Site Impact
Administrators with malicious intent or compromised admin accounts can access sensitive files like configuration files, database credentials, or private keys.
Conditions required to exploit
05 Prerequisites
Attacker must have high-level administrative privileges on the CRM system.
Key dates
06 Disclosure timeline
May 23, 2025: CVE published
April 28, 2026: Record updated