PT-2026-3524 · Crmeb · Crmeb

Ho Cherry

Publicado

2026-01-20

Atualizado

2026-01-25

CVE-2026-1202

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CRMEB versions prior to 5.6.4

Description A security flaw exists in CRMEB that allows improper authentication. This is due to manipulation of the openId argument within the appleLogin function located in the file crmeb/app/api/controller/v1/LoginController.php. The issue is exploitable remotely. The exploit has been publicly released.

Recommendations Update CRMEB to version 5.6.4 or later. As a temporary workaround, restrict access to the appleLogin function within the crmeb/app/api/controller/v1/LoginController.php file.

Exploit

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2026-1202

Produtos afetados

Crmeb

PT-2026-3524 · Crmeb · Crmeb

CVE-2026-1202

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9