Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DayByDay CRM - Insufficient Session Expiration after Password Change
Vulnerability Description
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Bottelet Daybyday Crm 代码问题漏洞
Vulnerability Description
Bottelet Daybyday Crm是Bottelet个人开发者的一个用于任务、时间、员工、休假管理的建站系统。 Bottelet DayByDay CRM 存在安全漏洞,该漏洞源于在 DayByDay CRM 中,版本 2.2.0 到 2.2.1(最新)容易受到会话过期不足的影响。 当用户或管理员更改密码时,已登录的用户即使在密码更改后仍可以访问应用程序。
CVSS Information
N/A
Vulnerability Type
N/A