CVE-2026-10282

MEDIUM 4.3

Bottelet DaybydayCRM DocumentsController.php view improper authorization

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in Bottelet DaybydayCRM up to 2.2.1. This impacts the function view of the file app/Http/Controllers/DocumentsController.php. Such manipulation leads to improper authorization. The attack may be launched remotely. It is best practice to apply a patch to resolve this issue.

CWE	CWE-285 CWE-266
Vendor	bottelet
Product	daybydaycrm
Published	Jun 1, 2026
Last Updated	Jun 1, 2026

Stay Ahead of the Next One

Get instant alerts for bottelet daybydaycrm

Be the first to know when new medium vulnerabilities affecting bottelet daybydaycrm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Bottelet / DaybydayCRM

2.2.0 2.2.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/367575 vuldb.com: https://vuldb.com/vuln/367575/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10282 vuldb.com: https://vuldb.com/submit/825439 vuldb.com: https://vuldb.com/submit/825440 github.com: https://github.com/Bottelet/DaybydayCRM/issues/347 github.com: https://github.com/Bottelet/DaybydayCRM/pull/362 github.com: https://github.com/Bottelet/DaybydayCRM/

Credits

🔍 Mitchell45 (VulDB User)