CNNVD-202602-004 Information

CNNVD ID

CNNVD-202602-004

Related CVE

CVE-2026-1733

• CNNVD Published: 2026-02-01

Description (Chinese)

CRMEB是CRMEB开源的一个 Java 商城系统。 CRMEB 5.6.3及之前版本存在授权问题漏洞，该漏洞源于对文件/api/store_integral/order/detail/:uni中参数order_id的错误操作，可能导致授权不当。

Description (English)

CRMEB is a Java mall system open to CRMEB. CRMEB 5.6.3 and previous versions had a mandate gap, which stemmed from a mishandling of the parameter order id in document/api/store integral/order/detail/:uni, which could lead to inappropriate authorization.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

CRMEB

Published

2026-02-01

Last Modified

2026-02-24

References

https://github.com/foeCat/CVE/blob/main/CRMEB/integral_order_detail_idor.md https://github.com/foeCat/CVE/blob/main/CRMEB/integral_order_detail_idor.md#%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0 https://vuldb.com/?ctiid.343632 https://vuldb.com/?id.343632 https://vuldb.com/?submit.736558

Patch

https://github.com/crmeb/CRMEB/releases