Отправить #825439: Bottelet DaybydayCRM <= 2.2.1 Insecure Direct Object Reference (IDOR) / Improper AuthorizationИнформация

Название	Bottelet DaybydayCRM <= 2.2.1 Insecure Direct Object Reference (IDOR) / Improper Authorization
Описание	A critical vulnerability was found in Bottelet DaybydayCRM up to version 2.2.1. The issue affects the view and download methods in the app/Http/Controllers/DocumentsController.php file. Due to a lack of ownership and proper authorization checks, any authenticated user can view and download arbitrary documents by simply supplying an external_id (Insecure Direct Object Reference). Issue: https://github.com/Bottelet/DaybydayCRM/issues/347 Fix Pull Request: https://github.com/Bottelet/DaybydayCRM/pull/362
Источник	⚠️ https://github.com/Bottelet/DaybydayCRM/issues/347
Пользователь	Mitchell45 (UID 98149)
Представление	11.05.2026 11:40 (25 дни назад)
Модерация	31.05.2026 18:26 (20 days later)
Статус	принято
Запись VulDB	367575 [Bottelet DaybydayCRM до 2.2.1 DocumentsController.php view эскалация привилегий]
Баллы	20

Do you want to use VulDB in your project?

Use the official API to access entries easily!