Broken Access Control in YzmCMS v6.3 by YzmCMS
CVE-2022-23383

9.1CRITICAL

Key Information:

Vendor
Yzmcms
Status
Yzmcms
Vendor
CVE Published:
10 March 2022

Summary

YzmCMS v6.3 is susceptible to a broken access control issue, enabling unauthorized users to gain access to the personal home pages of registered users without requiring login credentials. This vulnerability arises from inadequate validation of a user's authentication status, allowing access to private information and user data across the platform. Ensuring proper access checks is critical to safeguarding user privacy and maintaining the integrity of the web application.

References

http://yzmcms.com
x_refsource_MISC
https://down.chinaz.com/soft/37810.htm
x_refsource_MISC
https://www.cnvd.org.cn/user/myreport/6499961
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.