PT-2026-5586 · Unknown · Zhong Bang Crmeb
Ho Cherry · Published 2026-02-01 · Updated 2026-02-02 · CVE-2026-1734
CVSS v4.0: 5.5 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Zhong Bang CRMEB versions up to 5.6.3
Description
A security issue exists in Zhong Bang CRMEB. The flaw affects unknown code within the file crmeb/app/api/controller/v1/CrontabController.php of the crontab component. This results in missing authorization, allowing remote attacks. The exploit for this issue is publicly available. The vendor was notified but did not respond. The affected API endpoint is /api/v1/CrontabController.
Recommendations
Versions up to 5.6.3 should be updated to a newer, secure version if available. As a temporary workaround, consider restricting access to the CrontabController.php file or the crontab component to minimize the risk of exploitation.
Exploit
Fix
Missing Authorization
Incorrect Authorization
Related identifiers
Affected products
Zhong Bang Crmeb