CNNVD-202601-3321 Information

CNNVD ID

CNNVD-202601-3321

Related CVE

CVE-2026-1202

• CNNVD Published: 2026-01-20

Description (Chinese)

CRMEB是CRMEB开源的一个 Java 商城系统。 CRMEB 5.6.3及之前版本存在授权问题漏洞，该漏洞源于对文件crmeb/app/api/controller/v1/LoginController.php中参数openId的错误操作，可能导致身份验证不当。

Description (English)

CRMEB is a Java mall system open to CRMEB. CRMEB 5.6.3 and previous versions had a mandate gap, which stemmed from an error in the use of parameter openId in document crmeb/app/api/controller/v1/ LoginController.php, which could lead to improper identification.

Hazard Level

Medium

Vulnerability Type

授权问题

Affected Vendor

CRMEB

Published

2026-01-20

Last Modified

2026-02-24

References

https://github.com/foeCat/CVE/blob/main/CRMEB/apple_login_auth_bypass.md https://vuldb.com/?ctiid.341788 https://vuldb.com/?id.341788 https://vuldb.com/?submit.734711