Improper Authorization Vulnerability in Bottelet DaybydayCRM
CVE-2026-10282

5.3 MEDIUM

Key Information:

Vendor

Bottelet

CVE Published:
1 June 2026

What is CVE-2026-10282?

A security vulnerability has been identified in Bottelet DaybydayCRM versions up to 2.2.1, in the file DocumentsController.php. The flaw is an improper authorization issue that potentially allows an attacker to manipulate the viewing function remotely. Apply the appropriate patch to mitigate this risk and protect the integrity of the application.

Affected Version(s)

DaybydayCRM 2.2.0

DaybydayCRM 2.2.1

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mitchell45 (VulDB User)