Vulnerabilities

CVE-2022-22108

by Fred · 05/01/2022

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information.

Date published : 2022-01-05

https://github.com/Bottelet/DaybydayCRM/commit/fe842ea5ede237443f1f45a99aeb839133115d8b

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22108

Similar

Tags: Cybersecurity Alert