| عنوان | Bottelet DaybydayCRM <= 2.2.1 Improper Authorization |
|---|
| الوصف | A vulnerability was found in Bottelet DaybydayCRM up to version 2.2.1. It has been rated as medium to high severity. The issue affects the updateAssign methods in multiple controllers, specifically TasksController, ProjectsController, and LeadsController. These methods lack the required permission checks (e.g., can() checks), which allows unauthorized authenticated users to inappropriately modify resource assignments across the application. The vulnerability was patched in Pull Request #362 by enforcing proper assignment permission checks matching their respective sibling updateStatus methods. |
|---|
| المصدر | ⚠️ https://github.com/Bottelet/DaybydayCRM/issues/347 |
|---|
| المستخدم | Mitchell45 (UID 98149) |
|---|
| ارسال | 11/05/2026 11:42 AM (1 شهر منذ) |
|---|
| الاعتدال | 31/05/2026 06:26 PM (20 days later) |
|---|
| الحالة | مكرر |
|---|
| إدخال VulDB | 367575 [Bottelet DaybydayCRM حتى 2.2.1 DocumentsController.php view تجاوز الصلاحيات] |
|---|
| النقاط | 0 |
|---|