CNNVD-202509-1867 Information

CNNVD ID

CNNVD-202509-1867

Related CVE

CVE-2025-10390

• CNNVD Published: 2025-09-14

Description (Chinese)

CRMEB是CRMEB开源的一个 Java 商城系统。 CRMEB 5.6.1及之前版本存在授权问题漏洞，该漏洞源于对文件app/services/user/UserAddressServices.php中函数editAddress的参数ID操作不当，可能导致授权不当。

Description (English)

CRMEB is a Java mall system open to CRMEB. CRMEB 5.6.1 and previous versions had a mandate gap, which stemmed from the inappropriate operation of parameter ID for the function editAddress in documentapp/services/user/UserAddressServices.php, which could lead to inappropriate delegation of authority.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

CRMEB

Published

2025-09-14

Last Modified

2026-02-24

References

https://vuldb.com/?submit.644578 https://vuldb.com/?ctiid.323825 https://github.com/August829/Yu/blob/main/58ead8e7e08bfb014.md https://vuldb.com/?id.323825 https://access.redhat.com/security/cve/cve-2025-10390