In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.
References
Link | Resource |
---|---|
https://github.com/Bottelet/DaybydayCRM/blob/master/config/session.php#L32 | Third Party Advisory |
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22113 | Exploit Third Party Advisory |
Configurations
History
25 Feb 2022, 16:10
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
14 Jan 2022, 19:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:daybydaycrm:daybyday:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.5
v3 : 8.1 |
First Time |
Daybydaycrm daybyday
Daybydaycrm |
|
CWE | CWE-613 | |
References | (MISC) https://github.com/Bottelet/DaybydayCRM/blob/master/config/session.php#L32 - Third Party Advisory | |
References | (MISC) https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22113 - Exploit, Third Party Advisory |
13 Jan 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-13 09:15
Updated : 2023-12-10 14:09
NVD link : CVE-2022-22113
Mitre link : CVE-2022-22113
CVE.ORG link : CVE-2022-22113
JSON object : View
Products Affected
daybydaycrm
- daybyday
CWE
CWE-613
Insufficient Session Expiration