Enviar #825439: Bottelet DaybydayCRM <= 2.2.1 Insecure Direct Object Reference (IDOR) / Improper Authorizationinformación

TítuloBottelet DaybydayCRM <= 2.2.1 Insecure Direct Object Reference (IDOR) / Improper Authorization
DescripciónA critical vulnerability was found in Bottelet DaybydayCRM up to version 2.2.1. The issue affects the view and download methods in the app/Http/Controllers/DocumentsController.php file. Due to a lack of ownership and proper authorization checks, any authenticated user can view and download arbitrary documents by simply supplying an external_id (Insecure Direct Object Reference). Issue: https://github.com/Bottelet/DaybydayCRM/issues/347 Fix Pull Request: https://github.com/Bottelet/DaybydayCRM/pull/362
Fuente⚠️ https://github.com/Bottelet/DaybydayCRM/issues/347
Usuario
 Mitchell45 (UID 98149)
Sumisión2026-05-11 11:40 (hace 24 días)
Moderación2026-05-31 18:26 (20 days later)
EstadoAceptado
Entrada de VulDB367575 [Bottelet DaybydayCRM hasta 2.2.1 DocumentsController.php view escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!