Unknown · Perfex CRM · CVE-2025-60375
**Name of the Vulnerable Software and Affected Versions**
Perfex CRM versions prior to 3.3.1
**Description**
The authentication process in Perfex CRM has a flaw where server-side validation is inadequate. This allows attackers to bypass normal login procedures by submitting empty values for the `username` and `password` parameters in a login request. Successful exploitation grants unauthorized access to user accounts, potentially including administrative accounts.
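A server-side check of the kind the description says was inadequate, as an added example (not Perfex CRM's code): it rejects missing, empty, whitespace-only, or non-string `username` and `password` values before any credential lookup and fails closed. The function names, user store, and sample requests are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical guard, not Perfex CRM code: returns a rejection reason,
// or null when the fields may be passed on to the credential check.
function reject_reason(array $post): ?string
{
    foreach (['username', 'password'] as $field) {
        if (!array_key_exists($field, $post)) {
            return "$field missing";
        }
        // PHP parses "username[]=x" into an array; accept plain strings only.
        if (!is_string($post[$field])) {
            return "$field is not a string";
        }
    }
    if (trim($post['username']) === '') {
        return 'username empty';   // whitespace-only counts as empty
    }
    if ($post['password'] === '') {
        return 'password empty';   // never trim passwords, only reject zero length
    }
    return null;
}

// Fails closed: validation runs before any lookup, and an unknown user or
// a hash mismatch also returns false.
function authenticate(array $post, array $users): bool
{
    if (reject_reason($post) !== null) {
        return false;
    }
    $hash = $users[$post['username']] ?? null;
    return is_string($hash) && password_verify($post['password'], $hash);
}

// Constructed user store and sample requests.
$users = ['alice@example.com' => password_hash('correct horse', PASSWORD_DEFAULT)];
$samples = [
    ['username' => '', 'password' => ''],
    ['username' => '   ', 'password' => 'x'],
    ['username' => ['a'], 'password' => 'x'],
    ['password' => 'x'],
    ['username' => 'alice@example.com', 'password' => 'wrong'],
    ['username' => 'alice@example.com', 'password' => 'correct horse'],
];
foreach ($samples as $post) {
    $verdict = authenticate($post, $users) ? 'authenticated' : 'denied';
    echo json_encode($post), ' => ', $verdict, ' (', reject_reason($post) ?? 'fields ok', ')', PHP_EOL;
}
```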
**Recommendations**
Update Perfex CRM to version 3.3.1 or later.