CNNVD-202601-3320 Information
Jan 20, 2026
cve
CNNVD ID
CNNVD-202601-3320
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
CRMEB是CRMEB开源的一个 Java 商城系统。 CRMEB 5.6.3及之前版本存在授权问题漏洞,该漏洞源于对组件JSON Token Handler的文件crmeb/app/services/user/LoginServices.php中参数uid的错误操作,可能导致身份验证不当。
Description (English)
CRMEB is a Java mall system open to CRMEB. CRMEB 5.6.3 and previous versions had a mandate gap, which stemmed from the error of uid in the parameter in the documentcrmeb/app/services/user/LoginServices.php for component JSON Token Handler, which could lead to improper identification.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
CRMEB
Published
2026-01-20
Last Modified
2026-02-24
References
https://github.com/foeCat/CVE/blob/main/CRMEB/jwt_auth_bypass/remote_register_jwt_bypass.md https://vuldb.com/?ctiid.341789 https://vuldb.com/?id.341789 https://vuldb.com/?submit.735349
Share on: