Submit #735349: Zhongbang CRMEB v5.6.3 Authentication Bypass by

Title: Zhongbang CRMEB v5.6.3 Authentication Bypass by
Description: The remote_register endpoint accepts base64-encoded JSON tokens without verifying JWT signatures. Attackers can forge arbitrary tokens to create unlimited fake accounts or log in as any existing user by specifying any uid value. The root cause is using JWT::urlsafeB64Decode() instead of JWT::decode(). The former only decodes base64 without cryptographic signature verification, while the latter properly validates JWT signatures.
Source: https://github.com/foeCat/CVE/blob/main/CRMEB/jwt_auth_bypass/remote_register_jwt_bypass.md
User: Ho Cherry (UID 94105)
Submission: 2026-01-09 15:53 (5 months ago)
Moderation: 2026-01-19 16:28 (10 days later)
Status: Accepted
VulDB entry: 341789 [CRMEB up to 5.6.3 JSON Token LoginServices.php remoteRegister uid weak authentication]
Points: 20
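
The decode-versus-verify difference named in the description, as an added example that is not CRMEB's code or part of the submission: a self-contained PHP sketch in which HS256 verification is written out with hash_hmac() and hash_equals() in place of the library's JWT::decode(). The function names, key and claims are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration, not CRMEB code. Function names, key and claims are constructed.

function b64url_encode(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}
function b64url_decode(string $s): string|false {
    $s = strtr($s, '-_', '+/');
    return base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}
// Issuer side: sign "header.payload" with HMAC-SHA256 (HS256).
function issue_token(array $claims, string $key): string {
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $key, true));
}
// Flawed pattern from the report: decoding alone, so the claims are whatever the client sent.
function claims_decode_only(string $token): ?array {
    $claims = json_decode((string) b64url_decode($token), true);
    return is_array($claims) ? $claims : null;
}
// Corrected pattern: three parts, pinned algorithm, constant-time signature check, expiry.
function claims_verified(string $token, string $key): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode((string) b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    $given = b64url_decode($sig);
    $expected = hash_hmac('sha256', "$head.$body", $key, true);
    if ($given === false || !hash_equals($expected, $given)) return null;
    $claims = json_decode((string) b64url_decode($body), true);
    if (!is_array($claims)) return null;
    if (isset($claims['exp']) && time() >= (int) $claims['exp']) return null;
    return $claims;
}

$key = 'constructed-demo-key';
$signed = issue_token(['uid' => 7, 'exp' => time() + 300], $key);
[$h, , $s] = explode('.', $signed);
$unsigned = b64url_encode(json_encode(['uid' => 1]));  // constructed: bare base64 JSON, no signature
$swapped = "$h.$unsigned.$s";                           // constructed: payload changed after signing
// Run both functions over the unsigned, altered and correctly signed inputs.
var_dump(claims_decode_only($unsigned));
var_dump(claims_verified($unsigned, $key));
var_dump(claims_verified($swapped, $key));
var_dump(claims_verified($signed, $key));
```

Only the last call yields claims from the verifying function; the decode-only function returns the uid from input that carries no signature at all, which is the condition the description attributes to remote_register.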
