CNNVD-202602-036 Information
Feb 02, 2026
cve
CNNVD ID
CNNVD-202602-036
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
CRMEB是CRMEB开源的一个 Java 商城系统。 CRMEB 5.6.3及之前版本存在安全漏洞,该漏洞源于crontab端点组件中文件crmeb/app/api/controller/v1/CrontabController.php缺少授权检查。
Description (English)
CRMEB is a Java mall system open to CRMEB. There is a security loophole in CRMEB 5.6.3 and previous versions, which stems from the lack of authorization to inspect document crmeb/app/api/controller/v1/CrontabController.php in the curontab endpoint component.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
CRMEB
Published
2026-02-02
Last Modified
2026-02-24
References
https://github.com/foeCat/CVE/blob/main/CRMEB/crontab_unauthorized_access.md https://github.com/foeCat/CVE/blob/main/CRMEB/crontab_unauthorized_access.md#proof-of-concept https://vuldb.com/?ctiid.343633 https://vuldb.com/?id.343633 https://vuldb.com/?submit.736619
Patch
https://github.com/crmeb/CRMEB/releases
Share on: