PT-2026-22215 · Unknown · Go2Ismail Free-Crm

Ghufran Khan

Publicado

2026-02-26

Atualizado

2026-03-03

CVE-2026-3265

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions go2ismail Free-CRM versions prior to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1

Description A flaw exists in go2ismail Free-CRM. This issue impacts an unknown part of the /api/Security/ file within the Security API component, potentially leading to improper authorization. The attack can be carried out remotely, and a public exploit is available. The product utilizes a rolling release strategy, making specific version details for affected or updated releases unavailable. The vendor was contacted regarding this disclosure but did not respond.

Recommendations Update to a version prior to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1.

Exploit

Correção

Incorrect Privilege Assignment

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-266CWE-285

Identificadores relacionados

CVE-2026-3265

Produtos afetados

Go2Ismail Free-Crm

PT-2026-22215 · Unknown · Go2Ismail Free-Crm

CVE-2026-3265

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8