VYPR
High severity7.5NVD Advisory· Published Jan 5, 2022· Updated Jun 17, 2026

CVE-2022-22110

CVE-2022-22110

Description

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
bottelet/flarepointPackagist
>= 1.1, < 2.2.12.2.1

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.