| tiêu đề | Indotalent Free-CRM v1.0 commit: b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1 Improper Access Controls |
|---|
| Mô tả | A broken access control vulnerability in Free-CRM v1.0 and earlier allows a low-privileged authenticated user to obtain full administrative access. The application renders privileged administrative content prior to authorization enforcement and relies solely on a client-side redirect to restrict access. By interrupting or bypassing the redirect using browser navigation controls or developer-tool debugger pause, an attacker can access a fully functional administrative interface and perform privileged operations such as user enumeration, account modification, and password reset, resulting in complete application compromise. |
|---|
| Nguồn | ⚠️ https://github.com/Ghufran2/CVE-Free-CRM-Advisories/blob/main/Free-CRM%20Privilege%20Escalation%20via%20Client-Side%20Redirect%20Authorization%20Bypass.md |
|---|
| Người dùng | Ghufran Khan (UID 95493) |
|---|
| Đệ trình | 14/02/2026 15:16 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 26/02/2026 15:44 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 347987 [go2ismail Free-CRM đến b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1 Administrative Interface Redirect] |
|---|
| điểm | 20 |
|---|