Vulnerability Information
Vulnerability Title
DayByDay CRM - Missing Authorization when Viewing Appointments
Vulnerability Description
Daybyday CRM versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker with the lowest-privilege account (employee-type user) can view the appointments of all users in the system, including administrators, even though this type of user is not authorized to view the calendar at all.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
Missing Authorization
Vulnerability Title
Daybyday CRM Authorization Issue Vulnerability
Vulnerability Description
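Bottelet Daybyday CRM is a website-building system for task, time, employee, and leave management, developed by the individual developer Bottelet. Daybyday CRM contains an authorization issue vulnerability, which stems from the product failing to effectively restrict the permission to view all users' appointment information. An attacker can view sensitive information through a low-privileged account. The following products and versions are affected: Daybyday CRM 2.0.0 through 2.2.0.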
CVSS Information
N/A
Vulnerability Type
N/A