CVE-2022-22113

In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.

In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.

En DayByDay CRM, las versiones 2.2.0 hasta 2.2.1 (la más reciente) son vulnerables a una Caducidad de Sesión Insuficiente. Cuando un usuario o un administrador ha cambiado la contraseña, un usuario que ya había iniciado la sesión, seguirá teniendo acceso a la aplicación incluso después de haber cambiado la contraseña