Vulnerability Information
Vulnerability Title
DayByDay CRM - Weak Password Requirements in Update User
Vulnerability Description
Daybyday CRM versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update their password could change it to a weak password, such as one with a length of a single character. This may allow an attacker to brute-force users' passwords with minimal to no computational effort.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Weak Password Requirements
Vulnerability Title
Daybyday CRM Processing Logic Error Vulnerability
Vulnerability Description
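Bottelet Daybyday CRM is a website system for task, time, employee, and leave management, developed by the individual developer Bottelet. Daybyday CRM contains a processing logic error vulnerability. It stems from the product's update functionality not effectively validating password strength, which lets an attacker create passwords of extremely low strength. The following products and versions are affected: Daybyday CRM versions 1.1 through 2.2.0.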
CVSS Information
N/A
Vulnerability Type
N/A