CVE-2026-1733
CVE-2026-1733 affects Zhong Bang CRMEB up to v5.6.3, where in the detail/tidyOrder path (/api/store_integral/order/detail/:uni) an order_id parameter can be manipulated to bypass authorization. The issue is exploitable remotely and a public exploit exists. Red Hat and CVE listings confirm the sam...