漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
DayByDay CRM - Insufficient Session Expiration after Password Change
Vulnerability Description
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Bottelet Daybyday Crm 代码问题漏洞
Vulnerability Description
Bottelet Daybyday Crm是Bottelet个人开发者的一个用于任务、时间、员工、休假管理的建站系统。 Bottelet DayByDay CRM 存在安全漏洞,该漏洞源于在 DayByDay CRM 中,版本 2.2.0 到 2.2.1(最新)容易受到会话过期不足的影响。 当用户或管理员更改密码时,已登录的用户即使在密码更改后仍可以访问应用程序。
CVSS Information
N/A
Vulnerability Type
N/A