CVE-2022-23383
CRITICALYzmCMS v6.3 - Unauthenticated Improper Authentication
Title source: llmDescription
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
http://yzmcms.com
Product, Third Party Advisory x_refsource_misc
https://down.chinaz.com/soft/37810.htm
Permissions Required, Third Party Advisory x_refsource_misc
https://www.cnvd.org.cn/user/myreport/6499961
Scores
CVSS v3
9.1
EPSS
0.0146
EPSS Percentile
70.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (1)
yzmcms/yzmcms
6.3
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026