| शीर्षक | Bottelet DaybydayCRM <= 2.2.1 Improper Authorization |
|---|
| विवरण | A systemic improper authorization vulnerability was found in Bottelet DaybydayCRM up to version 2.2.1. It has been rated as high severity. The issue affects multiple controllers across the application, notably the Settings, Users, Clients, Tasks, Leads, Projects, and Offers controllers. Specifically, many delete operations and sensitive settings modifications (such as updateOverall and updateFirstStep) lack proper permission checks and middleware validation. This allows any authenticated user to perform unauthorized actions, including modifying global system settings and deleting arbitrary resources (users, clients, tasks, leads, etc.). The issue was addressed in Pull Request #363 by enforcing the missing authorization checks. |
|---|
| स्रोत | ⚠️ https://github.com/Bottelet/DaybydayCRM/issues/348 |
|---|
| उपयोगकर्ता | Mitchell_45 (UID 98150) |
|---|
| सबमिशन | 11/05/2026 12:05 PM (30 दिन पहले) |
|---|
| संयम | 31/05/2026 06:26 PM (20 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367576 [Bottelet DaybydayCRM तक 2.2.1 Setting कमजोर प्रमाणीकरण] |
|---|
| अंक | 20 |
|---|