CVE-2026-9493NVD

Vulnerability Summary

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details.

Severity Level

MEDIUM(6.5)

Published Date

May 29, 2026

Last Modified

May 29, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

External References

https://www.twcert.org.tw/tw/cp-132-10938-97ddd-1.html
https://www.twcert.org.tw/en/cp-139-10940-d90bd-2.html