| Field | Value |
|---|---|
| Title | Zhongbang CRMEB v5.6.3 Assigning instead of Comparing |
| Description | The address edit endpoint contains a critical bug: an assignment operator (`=`) is used instead of a comparison operator (`==`) in the ownership validation check. This allows an attacker who knows (or guesses) an address ID to modify any user's address and take ownership of it.<br>The vulnerable check at line 216 performs `$address_check['uid'] = $uid` (assignment) instead of `$address_check['uid'] == $uid` (comparison). Because an assignment expression evaluates to the assigned value, the condition is truthy for any non-zero `$uid`, so the authorization check is bypassed. Combined with line 205, which unconditionally sets `$addressInfo['uid'] = $uid`, this lets an attacker transfer ownership of the address to their own account. |
| Source | https://github.com/foeCat/CVE/blob/main/CRMEB/address_idor_bypass/address_edit_idor_ownership_takeover.md |
| User | Ho Cherry (UID 94105) |
| Submission | 01/09/2026 05:37 PM (1 month ago) |
| Moderation | 01/19/2026 04:28 PM (10 days later) |
| Status | Duplicate |
| VulDB entry | 323825 [CRMEB up to 5.6.1 UserAddressServices.php editAddress ID improper authorization] |
| Points | 0 |
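The description above explains the bug class in prose only. The following PHP is an added example written for this page, not CRMEB's own `UserAddressServices.php`: it models the ownership check with a hypothetical in-memory address table so the assignment-in-condition bug and its fix can be run side by side. The function names (`editAddressVulnerable`, `editAddressFixed`, `sampleAddresses`), the record layout and the sample data are all assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not CRMEB's own code: a minimal model of the editAddress
// ownership check described above. Function names, the in-memory address
// table and the sample records are assumptions made for this illustration.

// Constructed sample data: address 7 belongs to user 42.
function sampleAddresses(): array
{
    return [
        7 => ['id' => 7, 'uid' => 42, 'city' => 'Shenzhen'],
    ];
}

// Vulnerable form. The "check" uses '=', so it assigns the caller's uid into
// the loaded record instead of comparing against it. The expression evaluates
// to $uid, which is truthy for every real user ID (only uid 0 would fail),
// so any caller passes and the unconditional uid write below hands them the
// address.
function editAddressVulnerable(array &$addresses, int $id, int $uid, array $changes): bool
{
    if (!isset($addresses[$id])) {
        return false;
    }
    $addressCheck = $addresses[$id];
    if ($addressCheck['uid'] = $uid) {           // bug: assignment, not ==
        $addressInfo = array_merge($addressCheck, $changes);
        $addressInfo['uid'] = $uid;              // ownership transferred to caller
        $addresses[$id] = $addressInfo;
        return true;
    }
    return false;
}

// Hardened form: strict comparison against the stored owner, and the uid
// (and id) fields are never accepted from the request body.
function editAddressFixed(array &$addresses, int $id, int $uid, array $changes): bool
{
    if (!isset($addresses[$id])) {
        return false;
    }
    if ($addresses[$id]['uid'] !== $uid) {
        return false;                            // caller is not the owner
    }
    unset($changes['uid'], $changes['id']);
    $addresses[$id] = array_merge($addresses[$id], $changes);
    return true;
}

// Demo: attacker uid 99 edits address 7, which belongs to uid 42.
$vuln = sampleAddresses();
$edited = editAddressVulnerable($vuln, 7, 99, ['city' => 'Attacker City']);
printf("vulnerable: edited=%s, owner is now uid %d\n", $edited ? 'yes' : 'no', $vuln[7]['uid']);

$fixed = sampleAddresses();
$edited = editAddressFixed($fixed, 7, 99, ['city' => 'Attacker City']);
printf("fixed: edited=%s, owner is still uid %d\n", $edited ? 'yes' : 'no', $fixed[7]['uid']);
```

Run it with `php example.php`: the vulnerable path reports the edit as successful and the record's owner becomes the attacker's uid, while the fixed path refuses the edit and the owner stays 42. Note the edge case the comment calls out: the vulnerable condition is only falsy when the caller's uid is 0, which is why it "works" for every real account. This pattern is mechanically detectable; PHP_CodeSniffer's `Generic.CodeAnalysis.AssignmentInCondition` sniff flags an assignment used as a condition, and adopting `===` for ownership comparisons removes the loose-comparison pitfalls as well.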