CNNVD-202509-1870 Information

CNNVD ID

CNNVD-202509-1870

Related CVE

CVE-2025-10389

• CNNVD Published: 2025-09-14

Description (Chinese)

CRMEB是CRMEB开源的一个 Java 商城系统。 CRMEB 5.6.1及之前版本存在授权问题漏洞，该漏洞源于对文件app/services/system/admin/SystemAdminServices.php中组件Administrator Password Handler的参数ID的错误操作，可能导致授权不当。

Description (English)

CRMEB is a Java mall system open to CRMEB. CRMEB 5.6.1 and previous versions had a mandate gap, which stemmed from an error in the performance of the parameter ID of component Administrator Password Handler in documentapp/services/system/admin/SystemAdminServices.php, which could lead to improper delegation of authority.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

CRMEB

Published

2025-09-14

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.323824 https://vuldb.com/?submit.644543 https://github.com/August829/Yu/blob/main/58ead8e7e08bfb013.md https://vuldb.com/?id.323824 https://access.redhat.com/security/cve/cve-2025-10389