Submission #825442: Bottelet DaybydayCRM <= 2.2.1 Improper Authorization Info

Title: Bottelet DaybydayCRM <= 2.2.1 Improper Authorization
Description: A systemic improper authorization vulnerability was found in Bottelet DaybydayCRM up to version 2.2.1. It has been rated as high severity. The issue affects multiple controllers across the application, notably the Settings, Users, Clients, Tasks, Leads, Projects, and Offers controllers. Specifically, many delete operations and sensitive settings modifications (such as updateOverall and updateFirstStep) lack proper permission checks and middleware validation. This allows any authenticated user to perform unauthorized actions, including modifying global system settings and deleting arbitrary resources (users, clients, tasks, leads, etc.). The issue was addressed in Pull Request #363 by enforcing the missing authorization checks.
Source: https://github.com/Bottelet/DaybydayCRM/issues/348
User: Mitchell_45 (UID 98150)
Submitted: 2026-05-11 12:05 (29 days ago)
Moderated: 2026-05-31 18:26 (20 days later)
Status: Accepted
VulDB entry: 367576 [Bottelet DaybydayCRM up to 2.2.1 Setting weak authentication]
Points: 20
