CVE-2026-1733 | Zhong Bang CRMEB up to 5.6.3 :uni detail/tidyOrder order_id improper authorization

Inserito da Angelo Barbosa | Feb 1, 2026 | CVE

A vulnerability, which was classified as problematic, has been found in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization.

This vulnerability is documented as CVE-2026-1733. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1733 | Zhong Bang CRMEB up to 5.6.3 :uni detail/tidyOrder order_id improper authorization

Post correlati

CVE-2025-53170 | Huawei HarmonyOS 5.1.0 Application Exit Cause Module null pointer dereference

CVE-2023-7163 | D-Link D-View 8 up to 2.0.2.89 Inventory input validation

CVE-2025-7341 | HT Contact Form Widget Plugin up to 2.2.1 on WordPress temp_file_delete denial of service

CVE-2025-10236 | binary-husky gpt_academic up to 3.91 LaTeX File latex_toolbox.py merge_tex_files_ input{} path traversal