| Title | Zhongbang CRMEB v5.6.3 Improper Authentication |
|---|
| Description | The Apple login functionality in CRMEB Mall System (v5.6.3 and earlier) does not verify the cryptographic signature of Apple's identity token. Instead, it directly trusts the client-provided openId parameter without any validation. This allows unauthenticated remote attackers to forge arbitrary openId values to either:
(1) create unlimited fake user accounts, or
(2) log in as any existing Apple user if their openId is known.
The vulnerability exists in LoginController.php where the application bypasses Apple's official identity verification process, violating secure authentication principles (CWE-287). Successful exploitation grants full account access with valid JWT tokens. |
|---|
| Source | ⚠️ https://github.com/foeCat/CVE/blob/main/CRMEB/apple_login_auth_bypass.md |
|---|
| User | Ho Cherry (UID 94105) |
|---|
| Submission | 01/08/2026 19:13 (5 months ago) |
|---|
| Moderation | 01/19/2026 16:28 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 341788 [CRMEB up to 5.6.3 LoginController.php appleLogin openId improper authentication] |
|---|
| Points | 20 |
|---|