CVE-2022-22113

Name of the Vulnerable Software and Affected Versions DayByDay CRM versions 2.2.0 through 2.2.1

Description The issue is related to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in will still have access to the application even after the password was changed.

Recommendations For DayByDay CRM versions 2.2.0 through 2.2.1, consider implementing a session expiration mechanism that invalidates existing sessions when a user's password is changed, to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.