This vulnerability affects Bottelet DaybydayCRM versions 2.2.0 and 2.2.1, specifically in the 'view' function of the app/Http/Controllers/DocumentsController.php file. The issue is improper authorization, meaning the application does not correctly verify user permissions before granting access to certain resources. The vulnerability can be exploited remotely without user interaction and requires low privileges to attempt exploitation. The CVSS 4.0 base score is 5.3, indicating medium severity. No known exploits are reported in the wild, and no official patch or vendor advisory detailing remediation is currently available.

Successful exploitation could allow an attacker with limited privileges to access resources or data they are not authorized to view, potentially leading to unauthorized information disclosure. The impact is limited to improper authorization without elevation of privileges or code execution. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. It is recommended to monitor official Bottelet communications for a patch addressing this issue. Until a fix is available, consider restricting access to the affected functionality or applying additional access controls at the network or application level to limit exposure.