CVE-2026-9493

MEDIUM NVD

CVSS Score 6.5

Severity MEDIUM

Published May 29, 2026

Vendor unknown

Description

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details.

References

https://www.twcert.org.tw/en/cp-139-10940-d90bd-2.html
https://www.twcert.org.tw/tw/cp-132-10938-97ddd-1.html