Vulnerabilities > CVE-2024-50653 - Unspecified vulnerability in Crmeb

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

crmeb

NVD

Published: 2024-11-15

Updated: 2024-11-20

Summary

CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim coupons once by capturing packets and sending a large number of data packets for coupon collection, achieving unlimited coupon collection.

Vulnerable Configurations

Part	Description	Count
Application	Crmeb Crmeb Crmeb - Crmeb Crmeb 2.0 Crmeb Crmeb 2.5.2 Crmeb Crmeb 2.5.3 Crmeb Crmeb 2.5.35 Crmeb Crmeb 2.5.36 Crmeb Crmeb 2.6 Crmeb Crmeb 2.6.0 Crmeb Crmeb 2.6.13 Crmeb Crmeb 2.60 Crmeb Crmeb 3.0 Crmeb Crmeb 3.1 Crmeb Crmeb 3.1.0\+ Crmeb Crmeb 3.2.8 Crmeb Crmeb 4.4.0 Crmeb Crmeb 4.4.2 Crmeb Crmeb 4.4.4 Crmeb Crmeb 4.6.0 Crmeb Crmeb 5.2.2	19

References

https://github.com/crmeb
https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50653