CVE-2024-50653

CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim coupons once by capturing packets and sending a large number of data packets for coupon collection, achieving unlimited coupon collection. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt