A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin in the file crmeb/app/api/controller/v1/LoginController.php. Manipulating the argument openId results in improper authentication. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
References
| Link | Resource |
|---|---|
| https://github.com/foeCat/CVE/blob/main/CRMEB/apple_login_auth_bypass.md | Exploit Mitigation Third Party Advisory |
| https://vuldb.com/?ctiid.341788 | Permissions Required VDB Entry |
| https://vuldb.com/?id.341788 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.734711 | Third Party Advisory VDB Entry |
History
29 Jan 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/foeCat/CVE/blob/main/CRMEB/apple_login_auth_bypass.md - Exploit, Mitigation, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.341788 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.341788 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.734711 - Third Party Advisory, VDB Entry | |
| First Time | Crmeb crmeb<br>Crmeb | |
| CPE | cpe:2.3:a:crmeb:crmeb:*:*:*:*:*:*:*:* |
20 Jan 2026, 01:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-20 01:15
Updated : 2026-01-29 21:16
NVD link : CVE-2026-1202
Mitre link : CVE-2026-1202
CVE.ORG link : CVE-2026-1202
Products Affected
crmeb
- crmeb
CWE
CWE-287
Improper Authentication
