Mend Vulnerability Database
Date: January 5, 2022
Overview
DayByDay CRM version 2.2.0 is vulnerable to missing authorization. Any user of the application who has the “Update a User” permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest-privileged user in the application.
Details
DayByDay CRM allows any user (including low-privileged users) who has the “Update a User” permission set to change the password of any other user (including administrators), regardless of the role and department boundaries that should limit that user. This allows the attacker to escalate their privileges to the highest level.
PoC Details
For demonstration purposes we'll use:
email@example.com, a low-privileged user with the “Update a User” permission.
firstname.lastname@example.org, the highest-privileged administrator.
Log in to the application as Admin, and verify that the “Update a User” permission is enabled for the “Employee” type under Roles & Permissions Management in Settings on the left panel.
Now log in as Alice, and click Edit on the Admin user in All Users under the Users section in the left panel.
Change Admin’s password; a message confirming the password change will be displayed.
You now have full access to the admin’s account.
Affected Environments
bottelet/flarepoint - 2.2.0
Prevention
Update to version 2.2.1 of the "bottelet/flarepoint" package (version 2.2.1 of the "Bottelet/DaybydayCRM" repository).
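The flaw described above is a coarse permission check with no object-level check on the user being edited. The following added example (constructed for this page; it is not DayByDay CRM's code and not the 2.2.1 fix, and the user model, role ranks, permission name `update_user` and function names are hypothetical) places a vulnerable password-update handler beside a hardened one and replays the advisory's scenario against both. The hardened version also records denied attempts in an audit list, which is where a detection rule would hook in.

```python
import hashlib
import os
from dataclasses import dataclass, field

# Hypothetical role hierarchy (constructed for this example; DayByDay CRM's
# actual roles and permission names are not reproduced here).
ROLE_RANK = {"employee": 1, "manager": 2, "administrator": 3}


@dataclass
class User:
    email: str
    role: str
    department: str
    permissions: set = field(default_factory=set)
    password_hash: str = ""


class Forbidden(Exception):
    """Raised when an authorization check rejects the request."""


def hash_password(password: str) -> str:
    """Salted PBKDF2 so the stored value is never the plaintext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return f"{salt.hex()}${digest.hex()}"


def change_password_vulnerable(actor: User, target: User, new_password: str) -> None:
    """Only the coarse 'update_user' permission is checked. Nothing looks at
    *which* user is being edited, so any holder of the permission can reset
    the administrator's password: the pattern the advisory describes."""
    if "update_user" not in actor.permissions:
        raise Forbidden("actor lacks update_user")
    target.password_hash = hash_password(new_password)


AUDIT_LOG = []  # denied attempts land here for detection and alerting


def authorize_user_update(actor: User, target: User) -> None:
    """Object-level authorization: the permission alone is not enough."""
    if "update_user" not in actor.permissions:
        raise Forbidden("actor lacks update_user")
    if actor.email == target.email:
        # Own account: assume a separate flow re-verifies the current password.
        return
    if ROLE_RANK[target.role] >= ROLE_RANK[actor.role]:
        # No lateral or upward edits: an employee may not edit another
        # employee, a manager, or an administrator.
        raise Forbidden(f"{actor.role} may not edit a {target.role}")
    if actor.role != "administrator" and actor.department != target.department:
        raise Forbidden("target outside actor's department")


def change_password_hardened(actor: User, target: User, new_password: str) -> None:
    """Same operation, gated by the object-level check and audited on denial."""
    try:
        authorize_user_update(actor, target)
    except Forbidden as exc:
        AUDIT_LOG.append({"actor": actor.email, "target": target.email,
                          "action": "change_password", "denied": str(exc)})
        raise
    target.password_hash = hash_password(new_password)


def replay_scenario() -> dict:
    """Replays the advisory's situation: a low-privileged user holding the
    permission tries to reset the administrator's password."""
    alice = User("email@example.com", "employee", "sales", {"update_user"})
    admin = User("firstname.lastname@example.org", "administrator", "it",
                 {"update_user"}, password_hash=hash_password("original"))
    before = admin.password_hash
    change_password_vulnerable(alice, admin, "new-password")
    vulnerable_allowed = admin.password_hash != before

    logged_before = len(AUDIT_LOG)
    try:
        change_password_hardened(alice, admin, "new-password")
        hardened_allowed = True
    except Forbidden:
        hardened_allowed = False
    return {"vulnerable_allowed": vulnerable_allowed,
            "hardened_allowed": hardened_allowed,
            "denied_logged": len(AUDIT_LOG) - logged_before}


if __name__ == "__main__":
    print(replay_scenario())
    print(AUDIT_LOG)
```

The hardened check refuses equal-rank edits as well as upward ones, so the fix is not limited to protecting the administrator account; an employee cannot reset a peer's password either, and a manager is confined to their own department. The audit entry written on denial is the signal to alert on: a password-change attempt against an account of higher rank than the actor is rarely legitimate.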
Good to know:
| Metric | Value |
|---|---|
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privileges Required (PR) | Low |
| User Interaction (UI) | None |
| Access Vector (AV) | Network |
| Access Complexity (AC) | Low |