CNNVD-202509-1866 Information

CNNVD ID

CNNVD-202509-1866

Related CVE

CVE-2025-10391

• CNNVD Published: 2025-09-14

Description (Chinese)

CRMEB是CRMEB开源的一个 Java 商城系统。 CRMEB 5.6.1及之前版本存在代码问题漏洞，该漏洞源于对文件app/services/out/OutAccountServices.php中参数push_token_url的错误操作，可能导致服务端请求伪造。

Description (English)

CRMEB is a Java mall system open to CRMEB. CRMEB 5.6.1 and previous versions had a code problem loophole, which stemmed from a mishandling of the parameter push token url in documentapp/services/out/OutAccountServices.php, which could lead to the forgery of service requests.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

CRMEB

Published

2025-09-14

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.323826 https://github.com/August829/Yu/blob/main/58ead8e7e08bfb015.md https://vuldb.com/?id.323826 https://vuldb.com/?submit.644582 https://access.redhat.com/security/cve/cve-2025-10391