CVE-2022-22108
CVE-2022-22108 affects DayByDay CRM, versions 2.0.0–2.2.0, due to Missing Authorization. An attacker with the lowest-privilege account (employee) can view the absences of all users, including administrators, indicating insufficient access control for absence data. The provided documents do not sp...