| Title | Bottelet DaybydayCRM <= 2.2.1 Mass Assignment (CWE-915) |
|---|---|
| Description | A mass assignment vulnerability was found in Bottelet DaybydayCRM up to version 2.2.1. It has been rated as medium severity. The issue affects status update endpoints within TasksController, ProjectsController, and LeadsController. Due to the improper use of `fill($request->all())` without filtering allowable input, an authenticated user can overwrite sensitive fields such as the title, description, or assigned user during a status update. The vulnerability was patched in Pull Request #363 by explicitly filtering inputs using the `only()` method. |
| Source | https://github.com/Bottelet/DaybydayCRM/issues/348 |
| User | Mitchell_45 (UID 98150) |
| Submission | 2026-05-11 12:06 PM (1 month ago) |
| Moderation | 2026-05-31 06:26 PM (20 days later) |
| Status | Duplicate |
| VulDB Entry | 367576 [Bottelet DaybydayCRM up to 2.2.1 Setting weak authentication] |
| Points | 0 |
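
The difference between the two patterns named in the description, as an added example in plain PHP. It is not code from DaybydayCRM or from Pull Request #363; the `Task` class, the `only()` helper, the sample request and the field names `status_id` and `user_assigned_id` are assumptions made for illustration.

```php
<?php
// Added example: a plain PHP stand-in, not DaybydayCRM or Laravel code.
// Task, only(), status_id and user_assigned_id are hypothetical names.

final class Task
{
    public array $attributes;

    public function __construct(array $attributes)
    {
        $this->attributes = $attributes;
    }

    // Stand-in for a model fill where every column is mass-assignable:
    // each supplied key overwrites the matching attribute.
    public function fill(array $input): self
    {
        foreach ($input as $key => $value) {
            $this->attributes[$key] = $value;
        }
        return $this;
    }
}

// Keeps only the allow-listed keys of the input, the role only() plays in the fix.
function only(array $input, array $allowed): array
{
    return array_intersect_key($input, array_flip($allowed));
}

// Constructed record and constructed status-update request with extra fields.
$original = ['status_id' => 1, 'title' => 'Quarterly report',
             'description' => 'Draft', 'user_assigned_id' => 7];
$request  = ['status_id' => 3, 'title' => 'changed', 'user_assigned_id' => 99];

// Before the fix: the whole request body is applied to the record.
$before = (new Task($original))->fill($request);

// After the fix: the endpoint accepts nothing but the status field.
$after = (new Task($original))->fill(only($request, ['status_id']));

// Print which attributes each variant changed relative to the stored record.
echo "unfiltered fill changed: ",
    implode(', ', array_keys(array_diff_assoc($before->attributes, $original))), "\n";
echo "allow-listed fill changed: ",
    implode(', ', array_keys(array_diff_assoc($after->attributes, $original))), "\n";
```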