Title: Indotalent Free-CRM v1.0 commit: b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1 Improper Access Controls

Description:
- A broken access control vulnerability exists in Free-CRM v1.0 and earlier, allowing low-privileged authenticated users to gain full administrative access.
- The application relies on a client-side redirect to restrict access.
- By manipulating or bypassing the redirect using browser navigation or developer tools, an attacker can access the administrative interface and perform privileged operations like user enumeration, account modification, and password reset, leading to complete application compromise.

Source:
- URL: https://github.com/Ghufran2/CVE-Free-CRM-Advisories/blob/main/Free-CRM%20Privilege%20Escalation%20via%20Client-Side%20Redirect%20Authorization%20Bypass.md

User: Ghufran Khan (UID 95493)
Submission Date: 02/14/2026
Moderation Date: 02/26/2026
Status: Accepted
VulDB Entry: 347987
Points: 20
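
The description above attributes the flaw to access restriction that happens only in the browser. The following added example is not Free-CRM code: it is a framework-neutral Python model that contrasts that pattern with a server-side role check, plus a regression check a defender can run with a low-privileged session. The routes, role names, tokens and session layout are hypothetical.

```python
# Added example: framework-neutral model, not Free-CRM code.
# Routes, role names and session layout are hypothetical.
from dataclasses import dataclass

ADMIN_ACTIONS = {"/admin/users", "/admin/users/update",
                 "/admin/users/reset-password"}

SESSIONS = {  # constructed sample sessions
    "tok-admin": {"user": "alice", "role": "Admin"},
    "tok-basic": {"user": "bob", "role": "Basic"},
}

@dataclass
class Response:
    status: int
    body: str

def privileged_data(path):
    return f"<data for {path}>"

def handle_redirect_only(token, path):
    """Redirect-only pattern: the server answers every authenticated
    request and leaves the role decision to the browser."""
    session = SESSIONS.get(token)
    if session is None:
        return Response(401, "")
    body = privileged_data(path)
    if session["role"] != "Admin":
        # The redirect runs in the client; the privileged body was already sent.
        body = "<script>location.href='/home'</script>" + body
    return Response(200, body)

def handle_server_enforced(token, path):
    """Role is checked on the server before any privileged work is done."""
    session = SESSIONS.get(token)
    if session is None:
        return Response(401, "")
    if path in ADMIN_ACTIONS and session["role"] != "Admin":
        return Response(403, "")
    return Response(200, privileged_data(path))

def exposed_paths(handler, token):
    """Regression check: admin paths that return privileged data for token."""
    return sorted(p for p in ADMIN_ACTIONS
                  if "<data for" in handler(token, p).body)
```

The same check belongs in an integration test suite: every administrative route is requested with a low-privileged session and must be refused by the server, independent of what the page script does afterwards.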